IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Dark web ads offering access to corporate networks increase sevenfold

New report shines a light on hackers offering “access for sale” to other cyber criminals

Hacker-placed ads on the dark web selling access to corporate networks have increased dramatically over 12 months, according to a new report from Positive Technologies. The rise in ransomware attacks is thought to be the main driver for this criminal activity.

Researchers at Positive Technologies said they identified 707 new ads selling access in 2020. That's a sevenfold increase in ads compared to 2019.

Researchers also found as many as 590 new offers in the first quarter of 2021 alone, which is 83% of all offers in 2020. A contributing factor to this increase is a jump in ransomware attacks, according to the report. 

In the first quarter of 2021, the number of users who placed ads for buying and selling access and seeking hacking partners tripled compared to Q1 2020.

Researchers estimated hackers sell about $600,000 worth of corporate network access on the dark web every quarter. Interestingly, the share of expensive access lots priced above $5,000 almost halved. This may reflect novice cyber criminals’ mass entry into the market.

“As we can see, most companies who had access to their networks put up for sale by cyber criminals belong to the services (17%), manufacturing (14%), and research and education (12%) industries," said Yana Yurakova, an analyst at Positive Technologies. 

Related Resource

X-Force Threat Intelligence Index

Top security threats and recommendations for resilience

Transparent cube against a black background - whitepaper from IBMFree download

"Note that the share of industrial companies and financial institutions, whose networks are typically more expensive to hack, decreased somewhat. This may be attributed to the fact that the initial access market is served by lower-skilled actors who prefer easier victims.”

These findings have led researchers to the conclusion that the cyber criminal profile is changing in many ways. The profile of an external intruder who gains initial access to a corporate network differs from the criminal who follows through with the attack once inside. Most importantly, the two have different skill sets, researchers said.

The person who hacks the perimeter can range from novice to pro, even a specialist with very specific technical abilities. 

The attack on the local network, on the other hand, will be conducted by skilled hackers or cyber criminals who purchase the access on a dark web forum. Once they have the resources needed, they can initiate criminal activities, ranging from theft of funds to lasting disruption of business operations.

“With these realities in mind, a system for protection against cyber attacks may require a different approach,” added Yurakova. “The threat actor model needs to be revised to guard against both access from low-skilled attackers and sophisticated methods of attack.”

Featured Resources

ZTNA vs on-premises VPN

How ZTNA wins the network security game

Free Download

The global use of collaboration solutions in hybrid working environments

How companies manage security risks

Free Download

How to build a cyber-resilient business ready to innovate and thrive

Outperform your peers in your successful business outcomes

Free Download

Accelerating your IT transformation

How Cloudflare is innovating for CIOs to start 2023

Watch now

Recommended

SOC modernisation and and the role of XDR
Whitepaper

SOC modernisation and and the role of XDR

16 Mar 2023
GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
MSI to release securer BIOS settings after critical flaw discovered
vulnerability

MSI to release securer BIOS settings after critical flaw discovered

20 Jan 2023
Uber says compromised third-party to blame for data breach
data breaches

Uber says compromised third-party to blame for data breach

13 Dec 2022

Most Popular

Tech pioneers call for six-month pause of "out-of-control" AI development
artificial intelligence (AI)

Tech pioneers call for six-month pause of "out-of-control" AI development

29 Mar 2023
Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
Microsoft Security Copilot could be a seismic success for the tech industry
Security

Microsoft Security Copilot could be a seismic success for the tech industry

29 Mar 2023