45% of dark web corporate network access points being sold are less than $1,000.
Corporate networks are a treasure trove of secrets. The ability to gain access to them and root around file systems for hidden treasures is a gold mine for hackers – and one they’ll readily exploit. It’s not just the potential personal information that’s valuable to cyber criminals, but also the ability to find documents and reports that could be resold, or provide insight and information that would be valuable to individuals.
Gaining access to corporate networks can require significant amounts of hard work and leverage to breach defences. An easier alternative is to simply pay for access to already breached networks on the dark web. A roaring trade exists where middlemen and brokers sell access to networks that they’ve got access to in exchange for money.
What may surprise you is how cheap those bounties sell for.
According to the Criminal Market for Initial Access study released by Positive Technologies, 45% of corporate network accesses available for sale on the dark web cost less than $1,000.
Ease of access lowers price
As with all economic systems, the dark web cracked access market has evolved. Just as new products, when scarce and labour-intensive, cost more money to acquire, so it used to be that access to corporate networks was a lot more expensive. In 2017, according to Positive Technologies, only 15% of access points on sale cost less than $1,000.
However, as more networks have become cracked, and the tools to automate brute-force access to those networks have become cheaper and more prevalent, the price has dropped. A further 22% of network accesses offered for sale on the dark web cost between $1,000 and $2,499, with 17% costing between $2,500 and $5,000.
Just 16% of network accesses on offer cost more than $5,000.
The cost of buying your way into a corporate network depends on a number of factors. Hackers look at the amount of work involved – are there a significant number of computers to be exposed? Does the account they use to gain access to the network have all the privileges? That’s before even considering something like the size of the business, its potential revenue, and other financial indicators. The industry in which a business operates also has an impact on the price it can fetch on the dark web.
It’s all about the money
“Low-priced accesses usually are sold by inexperienced, wannabe hackers, who might not even follow through with the attack,” says Atlas VPN researcher William Sword. “Despite that, the rising percentage of cheap access means that many new, less-skilled cybercriminals entered the market, and they could become more dangerous in the future.”
Demand and therefore the commensurate price for access also depends on the sector in which businesses operate.
Around one in five network accesses on offer on the dark web are for those operating in the services industry.
Next most popular is the manufacturing industry – where there are potentially huge amounts of documentation about industry secrets that can be sold on – which accounts for 14% of the breached logins. “By gaining access to a manufacturing business, cybercriminals could steal personal information and severely disrupt normal operations,” says Sword. “Disrupted processes negatively impact production, which would cause revenue loss for weeks to come.”
Research and education, another treasure trove of information, is next at 12%, while IT (7%), government (6%) and commerce (6%) also have their benefits for cybercriminals willing to stump up the cash. It’s an issue that’s likely to continue as cyber criminals probe and poke at vulnerable networks – and the value of our data becomes greater.