Study: trade in corporate network access is growing on the black market


Positive Technologies experts studied trading platforms in the shadow market for cyber services and found a surge of interest in access to corporate networks: in the first quarter of 2020, the number of offers to sell access was 69% higher than in the previous quarter. This trend significantly affects the security of corporate infrastructure during the mass transfer of employees to remote work.

What happened

In the fourth quarter of 2019, more than 50 accesses to the networks of large companies from around the world were put up for sale on hacker forums (we counted the same number for the whole of 2018), and in the first quarter of 2020 there were more than 80. Most often, the access on sale is to the networks of industrial organizations and of companies in the service sector, finance, science and education, and information technology (together these make up 58% of the offers).

A year or two ago, attackers were mainly interested in access to single servers, which cost around $20. Since the second half of 2019, interest in buying access to companies' local networks has been growing. The size of transactions has grown as well. For example, for access to the infrastructure of a company with annual revenue of $500 million or more, up to 30% of the potential profit is now offered after the attack is completed. The average cost of privileged access to a local network is now about $5000.


Offers to sell access to networks in the shadow market

The victims today include organizations with annual revenues from hundreds of millions to several billion dollars.

Most often, the access on sale is to companies in the United States (more than a third of all offers); the top five also includes Italy and the United Kingdom (5.2% each), Brazil (4.4%) and Germany (3.1%). In the United States, the access sold is most often to service industry organizations (20%), industrial companies (18%) and government agencies (14%). In Italy, industry (25%) and the services sector (17%) lead in demand, and in the UK, science and education (25%) and the financial industry (17%). IT and services accounted for 29% of all access sold to German companies.


The cost of some accesses reaches 100 thousand dollars

Typically, the buyers of such a product are other attackers. They buy access to develop the attack on their own or to hire an experienced team of hackers to escalate privileges on the network and place malicious files on critical infrastructure nodes of the victim company. Ransomware operators were among the first to adopt this scheme.

How to protect yourself

We expect that in the near future large organizations may come into the sights of low-skilled attackers who have found a way to make easy money. During the global quarantine period, when companies are moving employees to remote work en masse, hackers will look for any open gap in systems on the network perimeter. The larger the company whose network is accessed, and the higher the privileges obtained, the more the criminal can earn.

To avoid problems, Positive Technologies experts recommend that companies pay attention to comprehensive infrastructure protection, both on the network perimeter and in the local network. First of all, make sure that all services on the network perimeter are protected and that security events in the local network are monitored well enough to detect an intruder. Regular retrospective analysis of security events will allow you to detect previously missed cyber attacks and eliminate the threat before attackers steal information or stop business processes.

The full version of the study is available here.
