45% of offers selling corporate network access on the dark web cost less than $1K
The cybercriminal market has evolved and changed in the past year due to the pandemic. Many new people started to flood the market, trying to earn a quick buck off people and organizations, which did not establish a reliable security system.
According to the recent Atlas VPN research team findings, 45% of corporate network access costs less than $1K on the dark web. Businesses in the services and manufacturing industries are the main options for hackers when planning an attack.
The data is based on the Criminal Market for Initial Access study released by Positive Technologies. In the report, the security solution provider analyzed how the criminal market has evolved throughout 2020 and early 2021.
Hackers put up 45% of offers for access to corporate networks for less than $1,000 on the dark web. Important to note that this percentage in 2017 was only 15%. However, between Q2 2020 and Q1 2021, the rate has risen to what it is now.
Access to corporate networks that cost between $1,000 and $2,499 made up 22% of the dark web market. On the other hand, the corporate network accesses priced between $2,500 and $4,999 accounted for 17% of the underground forum market.
Generally, the cost of access depends on a few factors. Hackers evaluate the number of computers to be exposed, account privileges, businesses size, revenue, and other financial indicators. Also, the price of access could be impacted by the industry in which the company is operating.
Access to corporate networks selling for $5,000-$9,999 composed 9% of the dark web market. At the same time, accesses offered above the $10,000 price range made up 7% of the market.
Most targeted industries
Hackers find some industries more valuable than others because some businesses in specific sectors have put fewer resources into cybersecurity, making them an easier target.
The services industry is the most popular among cybercriminals as 17% chose to target this sector. Usually, companies in this industry have a lot of sensitive data about their customers. Because of that, service businesses become lucrative targets for hackers, as they could sell the stolen information online.
Next up, we have the manufacturing sector picked out by 14% of hackers. By gaining access to a manufacturing business, cybercriminals could steal personal information and severely disrupt normal operations. Disrupted processes negatively impact production, which would cause revenue loss for weeks to come.
Furthermore, 12% of cybercriminals on the dark web selected the research and education industry to attack. As smaller schools usually do not have the best system security, low-skilled threat actors find them easier victims.
In addition, the IT industry became a target for 7% of threat actors which purchased corporate network accesses. IT companies have a larger attack surface, as they use many devices connected to the internet. More devices mean more vulnerabilities hackers could exploit.
Finally, all other industries accumulated 26% of accesses sold on the dark web forums.
Low-priced accesses usually are sold by inexperienced, wannabe hackers, who might not even follow through with the attack. Despite that, the rising percentage of cheap access means that many new, less-skilled cybercriminals entered the market, and they could become more dangerous in the future.