How the Dark Web enables access to corporate networks
The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies.
The Dark Web is home to a thriving marketplace for cybercriminals who want to buy or sell illegal and malicious goods and services. Advertisements and forum messages hawk everything from credit cards and bank accounts to medical records to account credentials to fake IDs to counterfeit products. But one of the most lucrative items up for sale is network access.
Getting the keys to an organization’s entire network can easily pave the way for a host of attacks, including malware, data exfiltration, corporate espionage, and ransomware. A report released Wednesday by security provider Positive Technologies looks at the selling of network access on the Dark Web and examines how this threat continues to grow.
To get the ball rolling, hackers can snag network access through a variety of methods. Account compromises are always a popular tactic, whether through regular user accounts, admin or domain accounts, or VPN or RDP (Remote Desktop Protocol) accounts.
For its report, Positive Technologies analyzed 10 popular Russian and English forums on the Dark Web that provide access to corporate networks along with ads seeking hackers for hire or hacking partners. Over time, these forums have collected more than 8 million registered users, more than 7 million conversation threads, and more than 80 million messages.
Throughout the past few years, these forums have seen a steady increase in ads with each quarter, most of them selling access to corporate networks that had already been breached. In 2020, Positive Technologies found 707 new ads, seven times the number of new ads discovered in 2019. The first quarter of 2021 alone revealed 590 new ads. The volume of new ads in search of partners and hackers for hire also jumped, likely due to the expansion of ransomware partner programs, according to the report.
Around $600,000 worth of corporate network access is sold on the Dark Web each quarter. Though that number seems low, selling prices on the Dark Web tend to be cheap, and the average cost keeps going down. Further, such cheap access is often sold by amateur criminals who fear the risks of actually carrying out an attack.
“Gaining access is only the first step in an attack, and even novice attackers can take this step,” Positive Technologies analyst Yana Yurakova said. “They are not sure that they will be able to silently move further along the network, and to monetize their efforts, they put up ready-made access for sale on the forum on the Dark Web.”
Still, the prices of network access vary depending on a range of factors, including the number of computers to be compromised, account privileges, the size of the company, the industry, and the target’s revenue and other financial aspects. In one example cited in the report, a hacker offered VPN/RDP access for three computers at a U.S. company with annual revenue of $300,000 at a starting price of $1,000.
Most of the companies with network access for sale on the Dark Web were in the services, manufacturing, and research and education sectors. The networks of industrial companies and financial institutions fell lower on the list as they tend to be more difficult and expensive to hack. The lesson here is that the right security does make a difference, as criminals always prefer to target easier victims.
How can organizations better protect themselves from having their network access compromised and sold on the Dark Web? To answer that question, Yurakova offers the following thoughts:
- Remember that your organization can be a target. Don’t assume that highly qualified and motivated attackers won’t target your organization or that your company is not interesting to them.
- Set up the right security. Install security updates for your software. Use a strong password policy. And implement multifactor authentication for access to critical resources. Additionally, use modern information security tools that can quickly detect any anomalies on your network.
- Train your employees. Teach your company’s employees the basics of information security so that they don’t fall for social engineering attacks.
- Make sure your security staff is qualified. Review and improve the qualifications of your information security employees. You want to ensure that they can effectively use your security tools and know how to correctly respond to a security incident.