Hacker marketplaces sell unauthorized access to enterprise systems
6/15/2022
Social Media

Hacker marketplaces sell unauthorized access to enterprise systems

The typical cost to gain unauthorized access to a company's network or IT systems costs between $2,000 and $4,000, which is very inexpensive when compared to the ransoms that ransomware operators demand and the significant financial harm that can result from a well-timed cyberattack.

This estimate is based on Kaspersky researchers who recently published a study on the issue titled, How Much Does Access to Company Infrastructure Cost? The research team analyzed hundreds of posts on dark web cybercriminal forums and found substantial demand on the dark web for the data and services required to plan an assault in the first place, in addition to the data stolen during attacks.

The world of cyber criminals has changed regarding technology and how they are organized. Ransomware organizations today resemble legitimate industries with available services and goods.

Darknet forums are the primary source of up-to-date cybercriminal underground methods and trends, and we have noticed that the amount of data needed to plan an assault is growing. Companies looking to bolster their threat intelligence must be able to gain visibility of sources on the dark web.

Prices for this access range widely, from a few hundred dollars at the low end to hundreds of thousands.

Initial access brokers (IABs), who, as other sources have noted, are increasingly playing a crucial role in the economics of crime as a service, implement price schemes that are mostly based on the income of a potential victim.

The amount of money a cybercriminal can make from an assault is the most crucial factor in determining an initial access price since an FTSE 100 corporation with global assets and interests will be a juicier target than a local grocery store.

IABs also know that ransomware creators are willing to pay generously, often spending tens of thousands of dollars, because they stand to profit millions from successful attacks. The IAB's reputation, level of experience, and the many types of access they provide are further considerations.

For instance, the cost of a vulnerability, such as a SQL injection or remote code execution (RCE) flaw, differs greatly from the cost of legal credentials for RDP or secure shell (SSH). With RDP or SSH, access to the target system has already been gained. Still, in the first scenario, the buyer is just purchasing a chance to access a target network by exploiting a vulnerability.

Simply put, gaining RDP access allows malicious individuals to access a remote desktop or program that gives its owner access to crucial resources and data via a remote host the same way a local employee would. RDP access was offered in three-quarters of the ads that were analyzed.

Three-quarters of the ads analyzed offered remote RDP access, now a specialty of the most underground IABs.

Additionally, there are variations according to the victim's region, industry, and areas of expertise.

The research is available to read here.