
Hot Offering on Darknet: Access to Corporate Networks

More Ads Offer Access for a Substantial Price: Positive Technologies

The number of darknet forum advertisements offering full access to corporate networks jumped almost 70% during the first quarter of 2020, compared to the previous quarter, posing a significant potential risk to corporations and their now remote workforces, according to security firm Positive Technologies.


Late last year, cybercriminals began to shift their focus from buying access to specific corporate servers, sometimes for as little as $20, to purchasing the ability to gain full network-level access, Positive Technologies says. The number of darknet ads for corporate network access climbed to 88 in the first quarter of this year, compared to 50 in the fourth quarter, according to the company's report published Wednesday.

Network-level access is generally priced between $2,500 and $10,000, but the price can go as high as $100,000, the report notes.

"Most likely, [criminal] cryptographic operators served as the growth driver, when switching their focus of attention from individuals to large companies, and their affiliates started buying large amounts of accesses to company networks," Vadim Solovyov, senior analyst for Positive Technologies, tells Information Security Media Group.

Network access credentials being sold on the darknet likely were acquired through phishing, brute-force attacks and login-stealing malware, the report states. Also offered for sale on the darknet are details about how to exploit software vulnerabilities that would allow network access, along with remote access Trojan, or RAT, malware.

The increased availability of credentials and other details needed to gain access to corporate networks means that low-skilled threat actors can potentially target large organizations more easily, according to the report.

"This issue is especially acute now that so many employees are working from home," the report notes. "Hackers will look for any and all security lapses on the network perimeter, such as an unprotected web application, non-updated software, or incorrectly configured server with a weak administrator password."

Commissions Paid

Positive Technologies notes that some of the network access information is being sold on a commission basis, with the buyer paying back up to 30% of any profit made to the seller when access is gained to an organization and monetized through ransomware or another type of attack.

Example of access points for sale (Source: Positive Technologies)

Positive Technologies says ransomware operators sometimes buy network access credentials from one set of criminals and then hire others to infect local networks with malware in return for a large percentage of the victim's ransom. On darknet forums, this setup is known as a "ransomware affiliate program," the report states (see: Ransomware Attackers Exfiltrate Data From Magellan Health).

"However, in this case, it’s not only ransomware that’s possible," Solovyov says. "Corporate level access can be used by malefactors in a wide range of actions - from mass attacks aimed at creating botnets or mining farms, to more targeted attacks on specific industries, or even on individual companies for stealing data or money."


About the Author

Doug Olenick


Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.



