Breaching the networks of their victim organizations to deploy malware may not always be the ultimate motive of attackers. Cybercriminals have now gone one step ahead and are offering access to these compromised networks at different prices on underground markets.
What is the offered price?
Levels of access to a compromised network are offered to buyers on dark web markets for a price starting at $1000. The price can go up to $4500 depending on how deep the hackers have infiltrated.
Which is the most targeted industry?
Entities from various sectors have been breached. However, it is the Managed Service Providers (MSPs) that attract the highest number of attacks from cybercriminals.
SentinelOne reports that over the last 3 to 4 years, there have been several attacks on MSPs from various notorious ransomware such as Snatch ransomware, Sodinokibi, Ryuk and Maze.
MSPs are lucrative targets for attackers as they can reach multiple targets or environments just by compromising a single MSP. In some situations, MSPs can also be abused to gain persistence on a network while evading detection from certain security controls like Firewalls and Intrusion Detection Systems (IDS).
What services from MSPs are offered on the dark web?
Criminal vendors offer a variety of MSP services depending on singular or privileged accounts. These breach accounts can allow a bad actor to gain a full persistence on root shells or remote consoles.
Types of access offered by threat actors include:
Companies can reduce the risk of an intruder taking roots on their network or move laterally by implementing security meansures such as: