Specialist hackers are selling access to enterprise networks for under $1000, thanks in part to a cybercrime underground flooded with compromised credentials.
Kaspersky’s analysis of the initial access broker (IAB) market revealed that the average cost for access to a large company’s systems sits between $2000 and $4000. However, this can vary significantly depending on the target organization’s revenue, sector, region and type of access offered.
Across the 200 dark web posts that the security vendor analyzed, 43% were offering access for under $1000, with just 17% charging more than $5000. That’s small change if an attack leads to a multimillion-dollar payout, as many ransomware breaches do.
Three-quarters (75%) of the posts were selling some form of RDP access. Exposed RDP is one of the top three vectors for ransomware attacks, because many organizations fail to enforce multi-factor authentication (MFA) or strong passwords on these servers.
That leaves the credentials easy to brute force or guess, and threat actors also replay previously breached logins against the same endpoints.
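The attacks described above leave a recognisable trace in Windows Security logs: event 4625 (failed logon) with LogonType 10 (RemoteInteractive, i.e. RDP) repeated from one source, followed by a 4624 (successful logon) from that same source when a guessed or replayed credential finally works. The following is an added example written for this page, not code from Kaspersky or the article; it runs over constructed log lines in a simplified one-line-per-event format (real 4625/4624 events carry the same information in fields such as TargetUserName, IpAddress and LogonType) and separates single-account brute force from password spraying across many accounts.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not taken from the article or any real host).
# Simplified rendering of Windows Security 4625 (failed) / 4624 (success) logons.
# LogonType 10 = RemoteInteractive (RDP); LogonType 3 = network logon (ignored here).
SAMPLE_LOG = """\
2022-06-15T02:10:01Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:02Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:03Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:04Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:05Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:06Z EventID=4625 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:10:09Z EventID=4624 LogonType=10 User=Administrator Src=203.0.113.7
2022-06-15T02:11:00Z EventID=4625 LogonType=10 User=alice Src=198.51.100.9
2022-06-15T02:11:01Z EventID=4625 LogonType=10 User=bob Src=198.51.100.9
2022-06-15T02:11:02Z EventID=4625 LogonType=10 User=carol Src=198.51.100.9
2022-06-15T02:11:03Z EventID=4625 LogonType=10 User=dave Src=198.51.100.9
2022-06-15T02:11:04Z EventID=4625 LogonType=10 User=erin Src=198.51.100.9
2022-06-15T02:12:00Z EventID=4625 LogonType=10 User=frank Src=192.0.2.55
2022-06-15T02:12:05Z EventID=4625 LogonType=10 User=frank Src=192.0.2.55
2022-06-15T02:12:20Z EventID=4624 LogonType=10 User=frank Src=192.0.2.55
2022-06-15T02:12:30Z EventID=4625 LogonType=3 User=svc-backup Src=10.0.0.8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse the constructed format into dicts, oldest event first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "eid": int(m["eid"]),
            "lt": int(m["lt"]),
            "user": m["user"].lower(),  # account names are case-insensitive
            "src": m["src"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_rdp_attacks(events, window=timedelta(minutes=5),
                       fail_threshold=5, spray_users=3):
    """Return (kind, src, detail) alerts for RDP logon activity.

    brute_force            : >= fail_threshold failures from one source against
                             fewer than spray_users accounts inside the window
    spray                  : same, but spread over >= spray_users accounts
    success_after_failures : a 4624 from a source that already had
                             >= fail_threshold failures in the window
    Thresholds are illustrative; tune them to the environment.
    """
    alerts = []
    recent = defaultdict(list)  # src -> [(ts, user)] failures still in window
    flagged = set()             # (kind, src) already reported, to avoid repeats
    for e in events:
        if e["lt"] != 10:       # only RemoteInteractive (RDP) logons
            continue
        src = e["src"]
        recent[src] = [(t, u) for (t, u) in recent[src] if e["ts"] - t <= window]
        if e["eid"] == 4625:
            recent[src].append((e["ts"], e["user"]))
            fails = len(recent[src])
            users = {u for _, u in recent[src]}
            if fails >= fail_threshold:
                kind = "spray" if len(users) >= spray_users else "brute_force"
                if (kind, src) not in flagged:
                    flagged.add((kind, src))
                    alerts.append((kind, src,
                                   f"{fails} failures against {len(users)} account(s)"))
        elif e["eid"] == 4624 and len(recent[src]) >= fail_threshold:
            alerts.append(("success_after_failures", src,
                           f"{e['user']} logged on after {len(recent[src])} failures"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect_rdp_attacks(parse_events(SAMPLE_LOG)):
        print(f"{kind:24} {src:15} {detail}")
```

On the sample data this reports a brute-force run and a subsequent successful logon from 203.0.113.7, and a spray from 198.51.100.9; the two mistyped passwords from 192.0.2.55 stay below the threshold. The "success after failures" alert is the one worth paging on, since it is the point at which a guessed or replayed credential has become working access of the kind the brokers above are selling.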
Separate data from Digital Shadows out yesterday claimed that there are currently 24 billion username/password combinations in circulation on cybercrime marketplaces. That represents a 65% increase from the last time the vendor checked in 2020.
After removing duplicates, Digital Shadows said it found 6.7 billion unique credentials on the cybercrime underground, an increase of around 1.7 billion, or 34% in two years.
“We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control,” warned senior threat intelligence analyst Chris Morgan.
“Criminals have an endless list of breached credentials they can try, but adding to this problem are weak passwords, which mean many accounts can be guessed using automated tools in just seconds.”
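The defensive counterpart to a criminal checking a breached list is for an organization to check its own users' passwords against one, without handing the passwords to a third party. The standard way to do that is a k-anonymity range lookup: hash the password with SHA-1, send only the first five hex characters, receive every suffix that shares that prefix, and match the rest locally. The code below is an added illustration, not from Digital Shadows or the article; it builds a constructed, local stand-in for the range endpoint (the live equivalent is the Pwned Passwords range API at https://api.pwnedpasswords.com/range/<prefix>, which returns the same SUFFIX:COUNT lines) so it runs offline, and the breach counts in it are made up.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> number of times seen.
# These are illustrative entries and counts, not real breach data.
CONSTRUCTED_BREACHED = {
    "password": 3730471,
    "123456": 23597311,
    "Summer2022!": 12,
}


def sha1_hex_upper(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_store(breached):
    """Index a breach corpus the way a range endpoint serves it:
    5-char SHA-1 prefix -> {35-char suffix: count}."""
    store = {}
    for pw, count in breached.items():
        h = sha1_hex_upper(pw)
        store.setdefault(h[:5], {})[h[5:]] = count
    return store


def make_local_fetcher(store):
    """Return fetch(prefix) -> ['SUFFIX:COUNT', ...], the same line shape the
    real range API returns. Swap in an HTTP fetcher for production use."""
    def fetch(prefix):
        return [f"{suffix}:{count}" for suffix, count in store.get(prefix, {}).items()]
    return fetch


def exposure_count(password, fetch_range):
    """How many times the password appears in the corpus, or 0.

    Only the 5-char prefix is passed to fetch_range; the full hash and the
    password never leave this function, which is the point of the scheme.
    """
    h = sha1_hex_upper(password)
    prefix, suffix = h[:5], h[5:]
    for line in fetch_range(prefix):
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


STORE = build_range_store(CONSTRUCTED_BREACHED)
FETCH = make_local_fetcher(STORE)


def check_passwords(passwords, fetch_range=FETCH):
    """Map each candidate password to its exposure count; useful at password
    change time to refuse anything already circulating."""
    return {pw: exposure_count(pw, fetch_range) for pw in passwords}


if __name__ == "__main__":
    for pw, n in check_passwords(["password", "Summer2022!", "7f#kqL!9zWm2-vRt"]).items():
        verdict = f"seen {n} times, reject" if n else "not in corpus"
        print(f"{pw!r}: {verdict}")
```

Rejecting any password with a non-zero count at set or change time removes the entire "try the breached list" attack from the table for that account, regardless of how many billions of pairs are in circulation; it does not help against the stealer-log case mentioned later in the article, where the stolen credential is the current one, which is why MFA remains necessary alongside it.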
According to Kaspersky, the top three methods of gaining initial access to corporate networks are vulnerability exploitation, phishing, and obtaining legitimate credentials via stealer logs and password mining.
“The cyber-criminal community has evolved, not only from a technical point of view but from the standpoint of their organization,” said Kaspersky security expert Sergey Shcherbel. “Today ransomware groups look more like real industries with services and products for sale.”