Access to corporate data sold for $2 100 on dark web

Proprietary and confidential data stolen from organisations during breaches often ends up on dark web markets and forums.

Over and above being a marketplace for bad actors to peddle their malicious tools and stolen data, the dark web is also a multifunctional platform and market for any need – from attack preparation to money withdrawal.

And with the rise of cyber crime as a service, Kaspersky experts have discovered that beyond having corporate data for sale, bad actors are selling the information needed to access corporate networks to organise their attacks.

Worldwide, the average cost for access to corporate systems is in the range between $2 000 to $4 000, and in the Middle East, Turkey and Africa (META) region this number sits at $2 100. This isn’t too hefty a price tag, considering the potential fallout for targeted organisations, notes Kaspersky.

The security company believes these services are of prime interest to ransomware operators, whose profit may reach tens of millions of dollars a year.

There are several ways to achieve corporate access. The first is by exploiting vulnerabilities in the network perimeter, which include unpatched software with available exploits, vulnerabilities in web applications, misconfigured services or zero-day vulnerabilities.

Businesses can act to give fraudsters less opportunity to make dark web profits out of their data,

Yuliya Novikova, Kaspersky.

Phishing is another way. The majority of attack scenarios include fake business correspondence purporting to come from partners, fake links for online meetings or documents, and COVID-related emails.

Lastly, access can be gained by infecting user devices with a data stealer. Data gets stolen while users are working on their devices, and is then transferred to command and control servers, packed in files, which are then advertised for sale on dark web forums.

In South Africa, 1 270 617 accounts of users were stolen this way in 2021-2022.

Yuliya Novikova, head of Security Services Analysis at Kaspersky, says although the dark web seemed impossible to control in the past, the situation is changing.

“Businesses can act to give fraudsters less opportunity to make dark web profits out of their data and should protect their data from being stolen with strong data security practices. These include data encryption and educating employees on how to avoid accidentally giving cyber criminals access,” she adds.

In addition, she says dark web monitoring should be considered as a threat intelligence data source for cyber security staff, as this will enable them to act instantly in the event of an incident.