News

Access to corporate networks sold for an average of $7,100

In the context of the pandemic and the widespread transition to remote control, trading in primary access to corporate networks of various organizations is gaining momentum, analysts from Digital Shadows warn.

So-called “primary access brokers” break into company networks and compromise employees, but they do not go beyond this and act as intermediaries, selling the gained access to other attackers (often operators of ransomware).

“Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups. Their method of operating is flourishing during the pandemic as employees increasingly log in to systems remotely”, — Digital Shadows specialists wrote.

The researchers note that since 2016 this area has become much more active, and over the years, many underground marketplaces have been reorganized and acquired special sections for selling such “goods”. Currently, there are already about 500 such trading platforms.

According to the company, today the average price for access to someone else’s network is $7,100, and the total cost depends on the organization’s income, the number of employees, the number of available devices and the type of access.

RDP remains the most popular method of penetrating foreign networks – 17% of the total number of ads. Also, RDP access has the highest average price – $9,800. It is also worth noting that the FBI representatives warned that in 70-80% of cases, the attackers’ initial foothold is exactly the compromise of RDP.

“Domain Admin Level access is also prized on the black market, accounting for 16% of the total, with an average price tag of $8,187”, – said analysts.

Also, due to the global trend of moving to remote work, the demand for VPNs, which provide access to someone else’s corporate network, has increased. The average price for such access is $2,871 (15% of the total number of ads).

In addition to the already listed vectors of penetration into foreign networks, Citrix Access (7%), various control panels (6%), CMS (5%) and shells (5%) are also in demand.

Let me remind you that we reported that Chinese hackers used NSA exploit years before The Shadow Brokers leak. And that The US government has warned agencies about cybersecurity risks for years.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

2 days ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

2 days ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

2 days ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

2 days ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

2 days ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

2 days ago