In its latest research, Positive Technologies notes that ads promising access on dark web forums increased with each quarter throughout the observed period. As many as 590 new offers were identified in the first quarter of 2021 alone, representing 83% of all offers in 2020.
Positive Technologies documents how the market enabling initial access to corporate networks has evolved through 2020 and into early 2021, and reveals that the number of ‘access-for-sale’ ads on the dark web has increased seven-fold compared with previous years.
The company’s researchers believe the cybercriminal profile is changing in multiple ways; the profile of an external intruder who gains initial access to a corporate network is different from the criminal who follows through with the attack once inside—most importantly, the two have different skillsets. The person who hacks the perimeter can range from novice to pro, even a specialist with very specific technical abilities. The attack on the local network, on the other hand, will be conducted by skilled hackers or cyber-thieves who purchase the access on a dark web forum. Once they have the resources needed, the criminal activities can be initiated. These range from theft of funds to lasting disruption of business operations.
In the first quarter of 2021, the number of users who placed ads for buying and selling access and also for seeking hacking partners tripled compared to Q1 2020.
Positive Technologies estimates that about $600,000 worth of corporate network access is sold on the dark web on a quarterly basis. Interestingly, the share of expensive access lots priced above $5,000 almost halved. This may reflect mass entry into the market by novice cybercriminals.
“With these realities in mind, a system for protection against cyberattacks may require a different approach,” said Yana Yurakova, an analyst at Positive Technologies. “The threat actor model needs to be revised to guard against both access from low-skilled attackers and sophisticated methods of attack.”
“As we can see, most companies who had access to their networks put up for sale by cybercriminals belong to the services (17%), manufacturing (14%), and research and education 12%) industries,” added Yurakova. “Note that the share of industrial companies and financial institutions, whose networks are typically more expensive to hack, decreased somewhat. This may be attributed to the fact that the initial access market is served by lower-skilled actors who prefer easier victims.”