Kathy Gibson reports from Jordan – The dark web is more than a marketplace for criminal products or services – it can hold real dangers for corporates.
Yuliya Novikova, head of security services analysis, explains that players on the dark web offer services from malware as a service, to human resources, from exfiltrating data to selling it, and even laundering the resulting funds.
Initial access to a company’s systems is what should concern organisations.
This would typically be performed by a “newbie” criminal, selling data for access, to advanced cybercriminals who buy the information to develop sophisticated attacks.
“Does this mean anyone can get access to the company?” Novikova asks. “Yes, it does. And yes, it really is that easy.”
The first way is by exploiting vulnerabilities on the network perimeter. These can be unpatched software with available exploits, vulnerabilities in Web applications, misconfigured services, or zero-day vulnerabilities.
Another way is by phishing attacks. Most common attack scenarios include fake business correspondence from partners, fake links for online meetings or documents, and Covid-related emails.
In Turkey, the accounts of 1,4-million users were stolen by data thieves in 2021 and 2022. South Africa was not far behind, with 1,27-million users being exposed. In Kenya, 375 011 accounts of users were stolen during the same period.
Selling this information is the next step, and buyers would typically be more sophisticated, or mature, cybercriminals, says Novikova.
A company’s information has immense value to them – and it’s loss is almost unquantifiable – but 42% of all data transactions on the dark web are less than $1 000.00.
Just 8% of the victims observed on the dark web are from META, which could partly explain why the average price for information from organisations in this region is $2 000.00. The most expensive offer stood at $25 000, for companies from Saudi Arabia, the UAE and Israel.
A massive 75% of all offers are accessed through remote desktop protocol, so they are easy for attackers to access the victims’ systems.
Victims are from a variety of industries, including manufacturing, telecommunications, insurance, development, banking and more. One was even a cybersecurity company.
Generally, all the attackers are after is money, Novikova says, and often the best way to monetise their information is to run a ransomware auction.
The auction price of stolen data may bring the cybercriminals millions of dollars – and open the organisation up to multiple ransomware attacks.
“This demonstrates that organisations need to meet any breach with immediate action,” Novikova says. “And the faster a breach is detected, the better they will be able to react.
“Kaspersky offers digital footprint intelligence, detecting and monitoring threats by dark web monitoring,” she adds.
Related
Read More: news.google.com