$2,000 to access your organization on the dark web

The average cost of accessing an organisation’s network or IT systems is between $2,000 (£1,650) and $4,000 (£3,300) – a relative trifle compared to the sums Ransomware that operators demand and receive, and the enormous financial damage that can be caused by a well-timed cyberattack.

This figure is based on an analysis of hundreds of posts on dark web cybercrime forums, conducted by Kaspersky researchers, who have just published an article on the subject, How much does access to the company’s infrastructure cost?

The research team found high levels of demand on the dark web, not only for data stolen in an attack, but also for the data and services needed to orchestrate an attack in the first place.

“The cybercriminal community has evolved, not only from a technical point of view, but also from an organizational point of view,” said Sergey Scherbel of Kaspersky. “Today, ransomware groups are more like real industries with services and products for sale.

“We continuously monitor darknet forums for new trends and tactics of the underground cybercriminal and have observed the growing market of data needed to stage an attack. Obtaining source visibility on the dark web is critical for businesses looking to enrich their threat intelligence.”

Prices for this access vary widely, Kaspersky said, starting at a few hundred dollars at the low end and reaching into the hundreds of thousands.

Initial Access Brokers (IABs), which as others have pointed out are becoming a vital cog in the economy of crime as a service, are adopting pricing structures that are, by and large, determined by the income of a potential victim.

For example, a FTSE 100 company with global assets and interests will clearly be a juicier target than a local plumbing company, so naturally the amount of money a cybercriminal can potentially make from this attack is the most important element of an initial access. the price.

Additionally, IABs know that ransomware operators who stand to make millions from successful attacks are willing to pay handsomely, spending tens of thousands of dollars in some cases.

Other factors that come into play include the reputation and expertise of the IAB, as well as the different types of access they offer.

For example, Scherbel said, information about a vulnerability, like a SQL injection or remote code execution (RCE) bug, has a very different price than legitimate credentials for the Remote Desktop Protocol. (RDP) or the secure shell (SSH).

Indeed, in the first place, the buyer is simply buying a chance to access a target network by exploiting a vulnerability, whereas RDP or SSH means that access to the target system has already been obtained.

Simply put, gaining RDP access allows malicious actors to gain access to a remote desktop or application that allows anyone in control to connect, access and control resources and data important via a remote host in the same way as a local employee. Three-quarters of the advertisements analyzed offered RDP access.

Indeed, Kaspersky found that most underground IABs now specialize in selling remote RDP access, and three-quarters of the advertisements analyzed offered RDP access.

There are also variances based on industry and victim specializations, as well as location, Kaspersky said.