cyber criminals increasingly using more sophisticated techniques to obtain information and sell it later. Kaspersky experts have analyzed almost 200 posts on the dark web that offered to purchase information for initial access to company forums. The average cost of access to the systems of a large company ranges between 1,900 and 3,800 euroswhich is relatively inexpensive compared to the potential damage it could cause to targeted businesses.
Such services are of great interest to ransomware operators, whose profits could reach a whopping 38 million a year. These and other findings can be found in Kaspersky’s new report, “How much does access to corporate infrastructure cost?”
Kaspersky research has shown how much demand there is on the dark web, not only for data obtained through an attack, but also for necessary information and services to organize one (for example, the data needed to perform specific steps of a multiphase attack). Once a cyber attacker gains access to an organization’s infrastructure, they can sell that access to other advanced cyber criminals, such as ransomware operators. These attacks cause significant financial and reputational loss to the targeted organization and can even cause downtime and business process interruption. SMEs and companies are the main target of these attacks.
Kaspersky experts have analyzed nearly 200 publications on the dark web that offer to buy information for the initial access to company forums, with the intention of defining the main types of corporate data sold, as well as what criteria cybercriminals use to assess the price of an organization’s data. Most of the posts (75%) sold RDP (Remote Desktop) access. It provides access to a remotely hosted desktop or application, then allows cybercriminals to connect, access, and control data and resources through a remote host, as if a company’s employees were controlling the data locally.
Initial access prices vary widely, from a couple of hundred euros to hundreds of thousands. As expected, the key to the high prices of the analyzed offers is the income of the potential victim: the price grows along with the income. Prices may also differ depending on the company’s industry and operating region.
Correlation between the price of data and the income of a company
Access to large business infrastructures usually costs between 1,900 and 3,800 euros, which are relatively modest prices. But there is also no upper limit to the cost. Data belonging to a company with revenue of 445 million of euros are for sale for 48,000 euros.
Clearly, one of the most important components of the initial access price is the amount of money the buyer can potentially earn from an attack using that access. Ransomware operators are willing to pay thousands, or even tens of thousands, for a chance to infiltrate a corporate network for a reason. They often cost the target corporation millions of dollars. The most prolific players of the past year have potentially received €5bn in transfers over the past three years.
In addition to encrypting corporate data, cybercriminals also steal it. Later, they may post some of the stolen data on their blogs, mostly as evidence, but also as additional insurance, threatening to post more if the company doesn’t pay the money they demand within a stipulated time.
“The cybercriminal community has evolved, not only from a technical point of view, but also from an organizational point of view. Today, ransomware groups are more like real industries with services and products for sale. We constantly monitor dark web forums for new trends and tactics from underground cybercriminals. We have seen the growing market for data needed to mount an attack. Gaining visibility into sources on the dark web is essential for companies looking to enrich their threat intelligence. Timely information about planned attacks, discussions of vulnerabilities, and successful data breaches will help reduce the attack surface and take appropriate action.”comments Sergey Shcherbel, security expert at Kaspersky.
