
Dark web packed with offers to hack corporate networks

There is a flood of interest in accessing corporate networks on the dark web, according to new research from Positive Technologies.

The company analysed illegal marketplaces on the dark web and found the number of postings advertising access to these networks increased by 69% in the first quarter of 2020, compared to the previous quarter. 

Positive Technologies says this may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. 

"Access for sale" on the dark web is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

In Q4 2019, more than 50 access points to the networks of major companies from all over the world were publicly available for sale -- the same number as during all of 2018. In Q1 2020, this number rose to 80. Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58% of these offers).

According to Positive Technologies, only a year ago criminals seemed to be more interested in trading in individual servers. Access to them was sold on the dark web for as little as $20. However, in the second half of 2019, Positive Technologies saw an increasing interest in the purchase of access to local corporate networks. Prices have also skyrocketed: the company says it has seen hackers offer a commission of up to 30% of the potential profit from a hack of the infrastructure of a company with annual income exceeding $500 million. The average cost of privileged access to a single local network is in the range of $5,000.

The research found that some major companies have become the victims of these crimes, with annual incomes running into the hundreds of millions or even billions of dollars. In terms of location, hackers’ primary target is U.S. companies (more than a third of the total), followed by Italy and the United Kingdom (5.2% each), Brazil (4.4%), and Germany (3.1%). 

In the U.S., criminals predominately sell access to professional services companies (20%), industrial companies (18%), and government institutions (14%). In Italy, industrial companies lead (25%), followed by professional services (17%). In the United Kingdom, science and educational organisations account for 25%, and finance for 17%. In Germany, IT and professional services each account for 29% of access points for sale.

In most cases, access to these networks is sold to other dark web criminals. They either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim's infrastructure with malware. Ransomware operators were among the first to use this scheme.

“Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter,” says Positive Technologies senior analyst Vadim Solovyov.

"The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes," he says.

“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. 

“Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”
