Kathy Gibson reports from Jordan – The dark web is more than a marketplace for criminal products or services – it can hold real dangers for corporates.
Yuliya Novikova, head of security services analysis, explains that players on the dark web offer services ranging from malware as a service to human resources, and from exfiltrating data to selling it and even laundering the resulting funds.
Initial access to a company’s systems is what should concern organisations.
This would typically be performed by a “newbie” criminal, who sells the data needed for access to more advanced cybercriminals; they buy the information to develop sophisticated attacks.
“Does this mean anyone can get access to the company?” Novikova asks. “Yes, it does. And yes, it really is that easy.”
The first way to gain initial access is by exploiting vulnerabilities on the network perimeter. These can be unpatched software with available exploits, vulnerabilities in Web applications, misconfigured services, or zero-day vulnerabilities.
Another way is through phishing attacks. The most common attack scenarios include fake business correspondence from partners, fake links for online meetings or documents, and Covid-related emails.
In Turkey, the accounts of 1,4-million users were stolen by data thieves in 2021 and 2022. South Africa was not far behind, with 1,27-million users being exposed. In Kenya, 375 011 accounts of users were stolen during the same period.
Selling this information is the next step, and buyers would typically be more sophisticated, or mature, cybercriminals, says Novikova.
Kaspersky researchers found that it is not only corporate data itself that is for sale, but also the information needed to access corporate networks to organise an attack. According to the information shared at the annual Kaspersky Cybersecurity weekend, globally the average cost for access to corporate systems ranges from $2 000 to $4 000, and in META the average price for access to corporate infrastructure is $2 100.
A massive 75% of all offers provide access through remote desktop protocol (RDP), making it easy for attackers to get into victims’ systems.
Victims are from a variety of industries, including manufacturing, telecommunications, insurance, development, banking and more. One was even a cybersecurity company.
Generally, all the attackers are after is money, Novikova says, and often the best way to monetise their information is to run a ransomware auction.
The auction price of stolen data may bring the cybercriminals millions of dollars – and open the organisation up to multiple ransomware attacks.
“This demonstrates that organisations need to meet any breach with immediate action,” Novikova says. “And the faster a breach is detected, the better they will be able to react.
“Kaspersky offers digital footprint intelligence, detecting and monitoring threats by dark web monitoring,” she adds.