In the latest study, researchers at Positive Technologies have documented the evolution of hacker-placed ads on the Dark Web from 2020 to early 2021. It has transformed into a thriving marketplace for cybercriminals who want to buy or sell illegal and malicious goods and services.
The number of ‘access-for-sale’ ads on the dark web has increased seven-fold compared with previous years. Researchers have identified as many as 590 new offers in the first quarter of 2021 alone, which is 83% of all offers in 2020. A contributing factor to this increase is a jump in ransomware attacks, according to the report.
Security specialists at the company believe that the profile of threat actors is changing in many ways. The profile of an outside intruder who gains first access to a corporate network is different from a criminal who tracks an attack after breaking inside. Most importantly, the two have different skillsets.
Positive Technologies researchers note that ads promising access on dark web forums increased with each quarter throughout the observed period. In the first quarter of 2021, the number of users who placed ads for buying and selling access and also for seeking hacking partners tripled compared to Q1 2020.
“The market for access to corporate networks has evolved in the past few years. It could be assessed as mature as early as the beginning of 2020. A factor that contributed to this level of development is an increase in ransomware attacks: members of ransomware partner programs often use offers available on the initial access market,” Vadim Solovyov, a senior information security analyst at Positive Technologies stated.
Around $600,000 worth of corporate network access is sold on the Dark Web each quarter. Though that number seems low, selling prices on the Dark Web tend to be cheap, and the average cost keeps going down. This may reflect mass entry into the market by novice attackers.
“As we can see, most companies who had access to their networks put up for sale by cybercriminals belong to the services (17%), manufacturing (14%), and research and education (12%) industries. Note that the share of industrial companies and financial institutions, whose networks are typically more expensive to hack, decreased somewhat. This may be attributed to the fact that the initial access market is served by lower-skilled actors who prefer easier victims,” Yana Yurakova, a security analyst at Positive Technologies explained.