Market for selling access grows on the Dark Web

Sheila Zabeu -

August 20, 2021

Access for sale! As if you were selling the keys to a house, this is one type of ad found on the Dark Web that sells technological means to break into corporate networks. This criminal market is developing and becoming more popular year after year, making the distinction between experienced hackers and the less skilled ones increasingly blurred and the threats knocking at the door of companies more frequent and dangerous.

Positive Technologies has assessed the evolution of this market from 2020 to early 2021 and the implications of this growth. The 10 most popular Russian and English forums on the Dark Web offering access to corporate networks were analyzed. In total, these communities amount to more than 8 million registered users, more than 7 million threads, and more than 80 million posted messages.

What we saw was an increase in ads quarter by quarter, most of them selling access to corporate networks that had already been hacked. 707 new ads were found, seven times the number revealed in 2019. The first quarter of 2021 alone revealed 590 new ads. The volume of the type of publication seeking partners and hackers for hire also increased, likely due to the expansion of ransomware programs.

Another revelation of the study pointed out that in the first quarter of 2021, the number of users posting ads to buy or sell access or collaborate tripled compared to the same period of the previous year.

Source: Positive Technologies

The total value of corporate network access sales on the Dark Web reached $600,000 quarterly. As the number of offers is increasing and the cumulative value of sales is changing slightly, it follows that the average price of access is falling. Breaking it down into shares and values, the study showed that between 2017 and the first quarter of 2020, the share of ads advertised for less than $1,000 was 15%, while in the period between the second quarter of 2020 and the first quarter of 2021, it reached 45%. The share of more expensive ads priced above $5,000 fell by almost half over the same period.

According to Positive Technologies, cheaper access usually does not offer many privileges and is offered by inexperienced cybercriminals or those afraid to proceed with attacks. Besides privileges, the cost of access usually varies according to the number of computers exposed, size, and revenue of the company that will become a victim and its industry.

Source: Positive Technologies – Example of ads in forums on the Dark Web

The market for selling access has also opened up a new job category for criminals, that of access miners. Average or novice hackers, unable to carry out attacks and take economic advantage of their activities, can now make a steady income by gaining access to corporate networks and then advertising and selling it on the Dark Web.

As you can see, the model for breaking into companies is changing, with criminals ranking in terms of technical competence and marketing their tactics through advertisements on the Dark Web. Low-skilled hackers can now keep an eye on the perimeters of large companies’ networks with security holes, unprotected applications, unpatched software, or weak administrator passwords. They’re looking for an easy source of cash, already thinking about advertising vulnerable accesses on the Dark Web. And this is especially attractive in times of pandemics when many professionals are working remotely and accessing corporate networks from a distance.

It remains for companies to ensure more comprehensive protection of networks, including their perimeters, which must be properly monitored to detect attackers before they go around announcing their conquests.