Kathy Gibson reports from Jordan – The dark web is more than a marketplace for criminal products and services – it can pose a real danger to businesses.
Yuliya Novikova, Head of Security Services Analytics, explains that dark web players offer services ranging from malware-as-a-service to human resources, data theft to sales to money laundering.
Initial access to company systems is critical to an organization.
This is typically done by “novice” criminals who sell data for access and advanced cybercriminals who buy the information to develop advanced attacks.
“Does this mean that anyone can access the company?” Novikova asks. “Yes, it is. And yes, it’s really easy.”
The first method is to exploit network perimeter vulnerabilities. These could be available exploits, web application vulnerabilities, improperly configured services, or unpatched software with zero-day vulnerabilities.
Another way is through phishing attacks. The most common attack scenarios include fake business documents from partners, fake links in online meetings or documents, and his Covid-related emails.
In Turkey, 1.4 million user accounts were stolen by data thieves in 2021 and 2022. South Africa was not far behind, with 1.27 million users exfiltrated. In Kenya, 375,011 user accounts were stolen during the same period.
Selling this information is the next step, and buyers are usually more sophisticated or mature cybercriminals, Novikova said.
A company’s information is of immeasurable value and its losses are almost unquantifiable, yet 42% of all data transactions on the dark web are worth less than $1000.00.
Only 8% of observed victims on the dark web are from META, which could partly explain why the average price of information from organizations in the region is $2000.00. The highest bid was $25,000 for companies in Saudi Arabia, UAE and Israel.
75% of all offers are accessed through Remote Desktop Protocol, giving attackers easy access to victim systems.
Victims belong to various industries such as manufacturing, telecommunications, insurance, development, and banking. One of them was even a cybersecurity company.
All attackers are usually after money, Novikova said, and the best way to monetize the information is to run a ransomware auction.
The auction price of stolen data can bring cybercriminals millions of dollars and expose organizations to multiple ransomware attacks.
“This shows that organizations need to take immediate action to address the breach,” says Novikova. “And the sooner a breach is detected, the better they can respond.
“Kaspersky provides digital footprint intelligence to detect and monitor threats with dark web surveillance,” she adds.