Corporate Network Access Selling for Just $2000 on Dark Web - Infosecurity Magazine

Specialist hackers are selling access to enterprise networks for under $1000, thanks in part to a cybercrime underground flooded with compromised credentials.

Kaspersky’s analysis of the initial access broker (IAB) market revealed that the average cost for access to a large company’s systems sits between $2000 and $4000. However, this can vary significantly depending on the target organization’s revenue, sector, region and type of access offered.

Across the 200 dark web posts that the security vendor analyzed, 43% were offering access for under $1000, with just 17% charging more than $5000. That’s small change if an attack leads to a multimillion-dollar payout, as many ransomware breaches do.

The vast majority (75%) of posts were selling various types of RDP access. RDP is one of the top three vectors for ransomware attacks, as many organizations fail to enable multi-factor authentication (MFA) or enforce strong passwords on these servers.

That makes credentials easy to brute force or guess, although sometimes threat actors also use previously breached logins to compromise these endpoints.

Separate data from Digital Shadows out yesterday claimed that there are currently 24 billion username/password combinations in circulation on cybercrime marketplaces. That represents a 65% increase from the last time the vendor checked in 2020.

After removing duplicates, Digital Shadows said it found 6.7 billion unique credentials on the cybercrime underground, an increase of around 1.7 billion, or 34% in two years.

“We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control,” warned senior threat intelligence analyst Chris Morgan.

“Criminals have an endless list of breached credentials they can try, but adding to this problem is weak passwords which mean many accounts can be guessed using automated tools in just seconds.”

According to Kaspersky, the top three methods of gaining initial access into corporate networks are: vulnerability exploitation; phishing; and obtaining legitimate credentials via stealer logs and password mining.

“The cyber-criminal community has evolved, not only from a technical point of view but from the standpoint of their organization,” said Kaspersky security expert Sergey Shcherbel. “Today ransomware groups look more like real industries with services and products for sale.”
