The average Dark Web cost of illegal ‘privileged access’ to a single local network has rocketed, with average costs now said to be circa £4,100.
Ordinary internet users have a vision of Dark Web crime forums, & it is likely one of stolen credit cards, breached password databases & maybe malware on sale. That is also the view of many security professionals. Reality is somewhat different, & these criminal marketplaces should be seen as a much more complex environment.
For example, consider the sale of ‘access’ to more than just data. The “Access for Sale” report published by Positive Technologies shows how quickly these markets respond to variations in demand, & how dangerous ignoring that fact could be to a business.
Just one year ago, the Positive Technologies analysts were seeing mostly ‘trading individual servers’ when it came to ‘corporate access sales’. You could buy access to such a server for as little as £16 (US$ 20).
During the 2nd half of 2019, interest grew greatly in the sale of access to corporate networks instead. So, the average current cost of privileged access to a single local network is, the report outlines, in the £4,100 (US$ 5,000) range.
In the last quarter of 2019, there were over 50 such network access points of major enterprises offered up for sale. By the end of the 1st quarter of 2020, that number had grown to 80. Industrial, professional services, finance, science/education IT accounted for most of these by sector.
This equals an increase of 69%, quarter to quarter, & shows the interest in this one definition of ‘access for sale’. By location, organisations in the US are the most heavily targeted, followed by Italy, then the UK. Within the UK criminal access dark market, science & education leads the pack, followed by finance.
Cyber-criminals will either “develop an attack on business systems themselves or hire a team of more skilled hackers to escalate network privileges & infect critical hosts in the victim’s infrastructure with malware,” the report observes, with ransomware operators among the ‘early adopters.’ Researchers mention they have seen prices zoom, & some buyers offer a ‘commission’ of 30% of possible profit from an ‘infrastructure hack’ of a large enterprise.
Positive Technologies Senior Analyst Vadim Solovyov further commented, “large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter. The larger the hacked company is, & the higher the obtained privileges, the more profitable the attack becomes.”
Do security teams at larger enterprises need to think in a different way to SMEs, when such access to the entire network is being sold to anyone with money – often to those with relatively low hacking skill levels themselves?
“It’s another risk vector that leverages wide ranging spray and pray techniques to phish & capture access to networks & sell the access itself rather than try to gain from it,” Yossi Naar, Chief Visionary Officer & Co-founder at Cybereason, added, “in that sense enterprise networks are at greater risk because of a wider attack surface. The odds of someone falling for ‘spray & pray’ go up with the size of the network.”
Jamie Akhtar, CEO & Co-founder of CyberSmart, observed further, “as many SMEs use managed or shared networks, this is a very different defence landscape. Within larger enterprises, network access allows attackers to scan for vulnerable devices to further the attack, often looking for outdated operating systems in order to navigate through the network & elevate to higher admin privileges.”
“Any ongoing access implies that corporate policies are either being ignored, worked around or are insufficient to detect the threat,” Tim Mackey, Principal Security Strategist at the Synopsys CyRC (Cybersecurity Research Centre) explained, “since detection of legitimate attacks is a primary goal for any defender, separating malicious actions from those related to normal business operations is key.”
Paul Bischoff, Privacy Advocate at Comparitech, pointed out that as businesses grow, “the likelihood of a rogue or careless employee compromising security increases & with that in mind, organisations need to focus more on access control and remediation.”
James McQuiggan, Security Awareness Advocate at KnowBe4, examined the 2020 Verizon Data Breach Incident Report, which showed that the share of data breaches discovered within several days is higher than 5 years ago, increasing from under 20% to over 60%.
“This result is mainly due to organisations having Security Operation Centres (SOCs) or Managed Security Service Providers (MSSPs) that can effectively monitor network traffic, endpoints, & email,”
McQuiggan says, concluding that “organisations that have a robust cybersecurity defence programme with these programmes & systems, including a security awareness training programme for employees to empower them to make security decisions, can strengthen the organisation’s security culture & defence.”
The world moves on, even for cyber-criminals.