Access to corporate networks sold for an average of $7,100

Amid the pandemic and the widespread transition to remote work, trade in primary access to the corporate networks of various organizations is gaining momentum, analysts from Digital Shadows warn.

So-called “primary access brokers” break into company networks and compromise employees, but they go no further: they act as intermediaries, selling the access they have gained to other attackers (often ransomware operators).

“Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups. Their method of operating is flourishing during the pandemic as employees increasingly log in to systems remotely,” Digital Shadows specialists wrote.

The researchers note that since 2016 this area has become much more active, and over the years, many underground marketplaces have been reorganized and acquired special sections for selling such “goods”. Currently, there are already about 500 such trading platforms.

According to the company, today the average price for access to someone else’s network is $7,100, and the total cost depends on the organization’s income, the number of employees, the number of available devices and the type of access.

RDP remains the most popular method of penetrating other organizations' networks, accounting for 17% of the total number of ads. RDP access also has the highest average price, $9,800. It is also worth noting that FBI representatives have warned that in 70-80% of cases the attackers’ initial foothold is a compromise of RDP.

“Domain Admin Level access is also prized on the black market, accounting for 16% of the total, with an average price tag of $8,187,” analysts said.

Also, due to the global trend of moving to remote work, demand has increased for VPN access to someone else’s corporate network. The average price for such access is $2,871 (15% of the total number of ads).

In addition to the vectors already listed, Citrix access (7%), various control panels (6%), CMS (5%) and shells (5%) are also in demand.

Let me remind you that we reported that Chinese hackers used an NSA exploit years before The Shadow Brokers leak, and that the US government has warned agencies about cybersecurity risks for years.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
