Intsights talked about a thriving darknet market selling access to hacked victim networks, which brings cybercriminals thousands of dollars.
Experts studied the sale of access to networks on underground Russian-speaking and English-speaking forums. The study included a quantitative and qualitative analysis of a sample of 46 Internet access networks offered for sale in underground forums. Of this sample, seven vendors accounted for more than half of the APs sold, representing a broader trend of concentrated attacks from vendor-specific hackers. 40 advertisements for the sale of access to hacked networks indicated the location of the victims' organizations. 40% of the hacked companies were located in the United States or Canada.
According to experts, 10 of the 46 hacked companies were in the telecommunications industry, while financial services, healthcare and pharmaceuticals, energy and industry were the second most popular.
The study found that over 37% of all victims in the data sample were from North America, with an average access cost of $ 9,640. Access to a major telecoms provider in Asia with more than $ 1 billion in annual revenue was $ 95,000.
According to the researchers, darknet forums allow for a decentralized system in which less experienced cybercriminals can rely on each other for various tasks, allowing most ransomware operators to simply buy access from others.
The network access offered ranges from system administrator credentials to full dial-up network access. As millions of people have switched to telecommuting due to the coronavirus infection (COVID-19) pandemic, network access sales have skyrocketed over the past 18 months.
Sometimes attackers realize that there is no data in the compromised network that can be stolen or sold, as a result of which they decide to sell access to ransomware groups. Messages offering compromised network access include information about the victim, form, and access level. Victims are sometimes identified by location, industry or sector, and income information is often included. Descriptions can also include the number and types of computers on the network, or the types of files and data they contain.
Experts studied the sale of access to networks on underground Russian-speaking and English-speaking forums. The study included a quantitative and qualitative analysis of a sample of 46 Internet access networks offered for sale in underground forums. Of this sample, seven vendors accounted for more than half of the APs sold, representing a broader trend of concentrated attacks from vendor-specific hackers. 40 advertisements for the sale of access to hacked networks indicated the location of the victims' organizations. 40% of the hacked companies were located in the United States or Canada.
According to experts, 10 of the 46 hacked companies were in the telecommunications industry, while financial services, healthcare and pharmaceuticals, energy and industry were the second most popular.
The study found that over 37% of all victims in the data sample were from North America, with an average access cost of $ 9,640. Access to a major telecoms provider in Asia with more than $ 1 billion in annual revenue was $ 95,000.
According to the researchers, darknet forums allow for a decentralized system in which less experienced cybercriminals can rely on each other for various tasks, allowing most ransomware operators to simply buy access from others.
The network access offered ranges from system administrator credentials to full dial-up network access. As millions of people have switched to telecommuting due to the coronavirus infection (COVID-19) pandemic, network access sales have skyrocketed over the past 18 months.
Sometimes attackers realize that there is no data in the compromised network that can be stolen or sold, as a result of which they decide to sell access to ransomware groups. Messages offering compromised network access include information about the victim, form, and access level. Victims are sometimes identified by location, industry or sector, and income information is often included. Descriptions can also include the number and types of computers on the network, or the types of files and data they contain.
