Network access for sale: How much are the keys to your castle?



By Paul Prudhomme
Head of Threat Intelligence Advisory, IntSights

For a first-time home buyer, the experience of being handed that set of keys is exhilarating. You’ve jumped through lots of hoops to get to this moment, and now you’re going to reap the reward.

But what if I told you that right now, a novice cybercriminal could get the keys to your company’s network for just a few thousand dollars and turn a profit of tens or hundreds of thousands, if not millions?

Cybercriminals handing over the keys to a compromised network is the topic of the newest IntSights white paper, “Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums”. The initial break-in has already occurred, and now the focus turns to the monetization of that unauthorized access via fraud, extortion, or other means.


The Criminal-to-Criminal Marketplace

The “criminal-to-criminal” marketplace is a key driver of criminal threats. Few cybercriminal operations are truly autarchic or self-sufficient, with full “vertical integration.” Many cybercriminals specialize in specific fields in which they can perform optimally or more cost-effectively. This specialization allows the various stages and components of the cybercriminal “kill chain” to function at closer to maximum efficiency. They turn to other, equally specialized vendors to acquire other components in areas beyond their own specialty.

There have long been specialized vendors for malware payloads, other malicious tools, hosting infrastructure, and the other components of cybercriminal operations. This specialization has progressed to the point that there are now specialized vendors who provide compromised network access as well. Cybercriminals no longer need the ability to compromise a network; now they can just buy that access from another criminal.

Like any e-commerce community, underground criminal forums aim to establish a “circle of trust” that enables criminals to do business with each other with a reasonable degree of confidence. The risk that one party to a transaction will rip off, cheat, or defraud the other is a significant concern for them, as is the risk of unwittingly doing business with undercover law enforcement or security researchers.

Cybercrime forum users can vet prospective vendors or buyers by reviewing their history and status, and the feedback or ratings that they have received from other users, so as to develop confidence in them. Many of these communities use escrow systems to instill further confidence in large purchases by entrusting funds to website administrators as a transaction proceeds. The risk of receiving negative feedback or being reported to website administrators serves as an additional deterrent to misconduct.


Bargain Basement Prices

Pricing varies considerably from one network access sale to another, but most prices are low enough that they do not constitute a significant barrier to entry. Our statistical analysis for the Selling Breaches white paper found a median price of $3,000 USD. Most prices are in the four-figure range, with more expensive offerings in the five-figure range and cheaper ones in the three-figure range. IntSights found prices as low as $240 and as high as $95,000; however, the lower end of this scale — as is reflected in our median figure — is much more common.

Factors that can influence pricing include the extent and the privilege level of the access; the size and value of the victim as a source of criminal revenue; the industry and location of the victim; and the sales strategies of the various sellers. Some offers do not specify a price, allowing prospective buyers to make their own offers and name their own prices, while others take the form of auctions. Higher privileges and larger networks generally increase the price of the offering. Victims in wealthy, English-speaking economies are generally more desirable, hence the disproportionate percentage of identified victims in North America (37.5%). We nonetheless found unauthorized access to North American companies on sale for as little as $500.

When you compare the immense financial losses that a breached company suffers with the much smaller-scale financial transactions taking place on these criminal forums, the challenge becomes painfully clear.

Read “Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums” to better understand this challenge and get pointers for prevention and mitigation.


About the Author
Paul Prudhomme is Head of Threat Intelligence Advisory at IntSights. He previously served as a leader of the cyber threat intelligence subscription service at Deloitte and as an individual contributor to that of iDefense. Prior to that, Paul covered cyber issues as a contractor in the US Intelligence Community. Paul specializes in the coverage of state-sponsored cyber threats, particularly those from Iran. He originally served as a linguist and cultural advisor and speaks multiple languages, including Arabic. Paul has a Master’s degree in History from Georgetown University. He is also a certified scuba diver and an award-winning amateur underwater photographer.
