Positive Technologies experts conducted black market research and found a surge in interest in accessing the corporate network: in the first quarter of 2020, the number of offers to sell such data was 69% higher than the previous quarter.
Researchers note that the identified trend significantly affects the security of corporate infrastructure, and especially during the period of mass transfer of employees to remote work.
The company’s report states that in the fourth quarter of 2019 at hacker forums you could find more than 50 offers for selling access to the networks of large companies from around the world (approximately the same number of experts counted for the whole of 2018). But already in the first quarter of 2020, more than 80 companies offered access to the networks on the black market. Most often, attackers sell access to the network of industrial organizations, companies from the services, finance, science, and education sectors, as well as information technology (58% of the total offers).
If a year or two ago, attackers were mainly interested in access to single servers, and such access cost about $ 20, then from the second half of 2019 there has been an increase in interest in buying access to entire local networks of companies.
Recently grown and the number of transactions. For example, now for access to the infrastructure, companies with annual revenues of more than $ 500 million offer up to 30% of the potential profit after the attack is completed. The average cost of privileged access to the local network now is about $ 5,000.
The victims today include organizations with annual revenues ranging from hundreds of millions to several billion dollars. Most often, hackers sell access to networks of companies from the United States (more than a third of all offers), also the top five include Italy and the United Kingdom (5.2% each), Brazil (4.4%), Germany (3.1%).
Moreover, in the case of the USA, access is most often sold in networks of organizations from the service sector (20%), industrial companies (18%), and government agencies (14%). With regard to Italy, industry (25%) and the services sector (17%) are the leaders in demand, and in the UK - the sphere of science and education (25%), as well as the financial industry (17%). In Germany, 29% of all access sale offers are in the IT and services sectors.
Researchers write that usually buyers of such a product are other intruders. They gain access to the company’s network in order to develop an attack on their own or to hire an experienced team of hackers to increase privileges on the network and place malicious files on critical infrastructure nodes of the victim company. One of the first to adopt such a scheme was the operators of cryptographers.
We expect that in the near future, large organizations may fall under the gun of low-skilled violators who have found a way to make easy money,” says Vadim Soloviev, senior analyst at Positive Technologies. - During the period of global quarantine, when companies massively transfer employees to remote work, hackers will look for any open gap in the systems on the perimeter of the network. The larger the company whose network will be able to access, and the higher the privileges received, the more the criminal can earn.