Access to corporate networks sold for an average of $7,100

In the context of the pandemic and the widespread transition to remote control, trading in primary access to corporate networks of various organizations is gaining momentum, analysts from Digital Shadows warn.

So-called “primary access brokers” break into company networks and compromise employees, but they do not go beyond this and act as intermediaries, selling the gained access to other attackers (often operators of ransomware).

“Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups. Their method of operating is flourishing during the pandemic as employees increasingly log in to systems remotely”, — Digital Shadows specialists wrote.

The researchers note that since 2016 this area has become much more active, and over the years, many underground marketplaces have been reorganized and acquired special sections for selling such “goods”. Currently, there are already about 500 such trading platforms.

According to the company, today the average price for access to someone else’s network is $7,100, and the total cost depends on the organization’s income, the number of employees, the number of available devices and the type of access.

RDP remains the most popular method of penetrating foreign networks – 17% of the total number of ads. Also, RDP access has the highest average price – $9,800. It is also worth noting that the FBI representatives warned that in 70-80% of cases, the attackers’ initial foothold is exactly the compromise of RDP.

“Domain Admin Level access is also prized on the black market, accounting for 16% of the total, with an average price tag of $8,187”, – said analysts.

Also, due to the global trend of moving to remote work, the demand for VPNs, which provide access to someone else’s corporate network, has increased. The average price for such access is $2,871 (15% of the total number of ads).

In addition to the already listed vectors of penetration into foreign networks, Citrix Access (7%), various control panels (6%), CMS (5%) and shells (5%) are also in demand.

Let me remind you that we reported that Chinese hackers used NSA exploit years before The Shadow Brokers leak. And that The US government has warned agencies about cybersecurity risks for years.