Network access for sale: How much are the keys to your castle?

Photo by Dan Nelson from Unsplash.com

By Paul Prudhomme
Head of Threat Intelligence Advisory, IntSights

For a first-time home buyer, the experience of being handed that set of keys is exhilarating. You’ve jumped through lots of hoops to get to this moment, and now you’re going to reap the reward.

But what if I told you that right now, a novice cybercriminal could get the keys to your company’s network for just a few thousand dollars and turn a profit of tens or hundreds of thousands, if not millions?

Cybercriminals handing over the keys to a compromised network is the topic of the newest IntSights white paper, “Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums”. The initial break-in has already occurred, and now the focus turns to the monetization of that unauthorized access via fraud, extortion, or other means.

The Criminal-to-Criminal Marketplace

The “criminal-to-criminal” marketplace is a key driver of criminal threats. Few cybercriminal operations are truly autarchic or self-sufficient, with full “vertical integration.” Many cybercriminals specialize in specific fields in which they can perform optimally or more cost-effectively. This specialization allows the various stages and components of the cybercriminal “kill chain” to function at closer to maximum efficiency. They turn to other, equally specialized vendors to acquire other components in areas beyond their own specialty.

There have long been specialized vendors for malware payloads, other malicious tools, hosting infrastructure, and the other components of cybercriminal operations. This specialization has progressed to the point that there are now specialized vendors who provide compromised network access as well. Cybercriminals no longer need the ability to compromise a network; now they can just buy that access from another criminal.

Like any e-commerce community, underground criminal forums aim to establish a “circle of trust” that enables criminals to do business with each other with a reasonable degree of confidence. The risk that one party to a transaction will rip off, cheat, or defraud the other is a significant concern for them, as is the risk of unwittingly doing business with undercover law enforcement or security researchers.

Cybercrime forum users can vet prospective vendors or buyers by reviewing their history and status, and the feedback or ratings that they have received from other users, so as to develop confidence in them. Many of these communities use escrow systems to instill further confidence in large purchases by entrusting funds to website administrators as a transaction proceeds. The risk of receiving negative feedback or being reported to website administrators serves as an additional deterrent to misconduct.

Bargain Basement Prices

Pricing varies considerably from one network access sale to another, but most prices are low enough that they do not constitute a significant barrier to entry. Our statistical analysis for the Selling Breaches white paper found a median price of $3,000 USD. Most prices are in the four-figure range, with more expensive offerings in the five-figure range and cheaper ones in the three-figure range. IntSights found prices as low as $240 and as high as $95,000; however, the lower end of this scale — as is reflected in our median figure — is much more common.

Factors that can influence pricing include the extent and the privilege level of the access; the size and value of the victim as a source of criminal revenue; the industry and location of the victim; and the sales strategies of the various sellers. Some offers do not specify a price, allowing prospective buyers to make their own offers and name their own prices, while others take the form of auctions. Higher privileges and larger networks generally increase the price of the offering. Victims in wealthy, English-speaking economies are generally more desirable, hence the disproportionate percentage of identified victims in North America (37.5%). We nonetheless found unauthorized access to North American companies on sale for as little as $500.

When you compare the immense financial losses that a breached company suffers with the much smaller-scale financial transactions taking place on these criminal forums, the challenge becomes painfully clear.

Read “Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums” to better understand this challenge and get pointers for prevention and mitigation.

About the Author
Paul Prudhomme is Head of Threat Intelligence Advisory at IntSights. He previously served as a leader of the cyber threat intelligence subscription service at Deloitte and as an individual contributor to that of iDefense. Prior to that, Paul covered cyber issues as a contractor in the US Intelligence Community. Paul specializes in the coverage of state-sponsored cyber threats, particularly those from Iran. He originally served as a linguist and cultural advisor and speaks multiple languages, including Arabic. Paul has a Master’s degree in History from Georgetown University. He is also a certified scuba diver and an award-winning amateur underwater photographer.
