The dark web is rife with listings offering to target SMEs – especially law and accounting firms – by exploiting unpatched vulnerabilities, selling stolen credentials and performing ransomware as a service (RaaS) attacks.
This is according to a recent investigation by the Guardz Research Unit (GRU), which found one particularly egregious listing offered admin-level access to a US law firm’s network for the devastatingly low price of $600.
Small businesses – which comprise 90% of all businesses and contribute 50% of the world’s GDP – are the backbone of the global economy.
Despite their critical role, they often lack crucial cybersecurity protections and are thus disproportionately vulnerable to the growing number of cyberattacks targeting them.
This makes them attractive targets for cyber criminals, who seek their sensitive and lucrative data, such as financial records, legal documentation, and personally identifiable information (PII).
Further compounding the growing trend of attack as a service tools available on the dark web, launching these attacks has become easier and cheaper than ever. Now, cybercrime tools, stolen credentials and ransomware services readily available on the dark web at shockingly low prices.
Guardz Research Unit found alarming ‘deals’ on the dark web, where hackers are essentially running a black-market economy for stolen small business data and ransomware services. Here’s what’s being sold:
- Exploitation of unpatched vulnerabilities: Over 15% of the hundreds of dark web listings analysed by Guardz offered access to organizations through vulnerabilities that were disclosed years ago. This includes the EternalBlue flaw in Windows’ Server Message Block protocol, which – despite being disclosed in 2017 – remains unpatched on many devices globally.
- Sale of stolen credentials: Dark web forums are rife with listings advertising access to small business networks through compromised Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) credentials. One such post uncovered by Guardz offered admin-level RDP access for an accounting firm being auctioned for the price of $1 800; elsewhere, lower-level credentials are being sold for as little as $300. Once they’ve gained access, cybercriminals can not only disrupt operations for extended periods of time, but also deploy ransomware, steal and sell data, launch fraudulent transactions, set up persistent access for future exploits, and more.
- Ransomware as a service: Guardz found that cyber attackers are increasingly employing double extortion methods, threatening to release sensitive data if ransoms are not paid. One uncovered case involved a family law firm, where refusal to pay resulted in the public release of sensitive client information on a dark web “hall of shame” site, causing irreparable reputational damage. With 94% of ransomware victims experiencing significant downtime, the consequences for small businesses of such attacks are often devastating, impacting operations and long-term survival.
“Cybercrime has become an industry of its own, and enterprises are no longer the sole or main targets; small businesses are its new favorite victims – whether they realize it or not. For just a few hundred dollars, hackers can gain and share access to company systems, hold data hostage, or disrupt operations, putting entire livelihoods and businesses at risk,” says Dor Eisner, CEO and co-founder of Guardz.
“By closing basic security gaps, embracing proactive threat detection and other automated responses, and increasing awareness among employees, small businesses can protect their operations, preserve client trust, and safeguard their success in an increasingly hostile digital landscape.”
Guardz’s latest findings underscore the urgent need for small businesses to prioritize cybersecurity. Regular patch management, the implementation of strong credential policies, and the use of multi-factor authentication are some of the critical steps to reducing vulnerabilities.
Additionally, maintaining secure backups of critical data and partnering with trusted Managed Service Providers (MSPs) – whose expertise and advanced tools empower small businesses to combat emerging threats – are essential for navigating today’s complex and evolving cybersecurity landscape.