Access to corporate networks for sale on the Dark Web
We've already seen that Dark Web marketplaces are seeking to cash in on the COVID-19 pandemic, but new research from Positive Technologies also shows a lot of interest in accessing corporate networks.
In the first quarter of this year the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This is likely to pose a significant risk to corporate infrastructure, especially now that many employees are working remotely.
The final quarter of 2019 saw over 50 access points to the networks of major companies from all over the world (the same number as during all of 2018) were publicly available for sale. In Q1 2020, this number rose to 80. Criminals mostly sell access to industrial companies, professional services companies, finance, science and education, and IT (together accounting for 58 percent of these offers).
"Large companies stand to become a source of easy money for low-skilled hackers," Positive Technologies' senior analyst Vadim Solovyov says. "Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter. The larger the hacked company is, and the higher the obtained privileges, the more profitable the attack becomes."
The hackers primary target is US companies (accounting for more than a third of the total), followed by Italy and the UK (5.2 percent each), Brazil (4.4 percent), and Germany (3.1 percent). In the US, criminals predominately sell access to professional services companies (20 percent), industrial companies (18 percent), and government institutions (14 percent). In Italy, industrial companies lead (25 percent), followed by professional services (17 percent). In the UK, science and educational organizations account for 25 percent, and finance for 17 percent. In Germany, IT and professional services each account for 29 percent of access points for sale.
In most cases, access to networks is sold on to other Dark Web criminals. They then either develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges and infect critical hosts in the victim's infrastructure with malware.
The full report is available from the Positive Technologies site.