Connect with us

Tech

$2k to access your organisation on the dark web

Published

on

$2k to access your organisation on the dark web

Dark web brokers will sell access to company networks and systems for an average of $2,000 to $4,000

Alex Scroxton

By

Published: 15 Jun 2022 15: 06

The average cost to access the network or IT systems of an organisation lies somewhere between $2,000 (£1,650) and $4,000 (£3,300) – a relative trifle when compared to the sums ransomware operators demand and receive, and the massive financial damage that can be wrought by a well-timed cyber attack.

This figure is based on an analysis of hundreds of posts on dark web cyber criminal forums, conducted by researchers at Kaspersky, who have just released a paper on the subject, How much does access to corporate infrastructure cost?

The research team uncovered high levels of demand on the dark web not just for data stolen during an attack, but for the data and services necessary to orchestrate an attack in the first place.

“The cyber criminal community has evolved, not only from a technical point of view, but from the standpoint of their organisation,” said Kaspersky’s Sergey Scherbel. “Today, ransomware groups look more like real industries with services and products for sale.

“We constantly monitor darknet forums to detect new trends and tactics of the cyber criminal underground and we have observed the increasing market of data required to organise an attack. Gaining the visibility of sources across the dark web is essential for companies seeking to enrich their threat intelligence.”

Prices for this access vary greatly, said Kaspersky, starting at a couple of hundred dollars at the low end, and rising to hundreds of thousands.

Initial access brokers (IABs), who, as others have reported, are becoming a key cog in the crime-as-a-service economy, enact pricing structures that are, by and large, determined by the revenue of a potential victim.

For example, a FTSE 100 company with global assets and interests will clearly be a juicier target than a local plumbing business, so, understandably, the amount of money a cyber criminal can potentially earn from that attack is the most important component of an initial access price.

Also, IABs know that ransomware operators who stand to make millions from successful attacks are prepared to pay handsomely, spending tens of thousands of dollars in some cases.

Other factors that come into play include the reputation and expertise of the IAB, and the different type of access they are offering.

For example, said Scherbel, information about a vulnerability, such as an SQL injection or remote code execution (RCE) bug, is priced very differently from legitimate credentials for remote desktop protocol (RDP) or secure shell (SSH).

This is because, in the first instance, the buyer is merely buying a shot at accessing a target network by exploiting a vulnerability, whereas RDP or SSH means that access to the target system has already been obtained.

Put simply, obtaining RDP access enables bad actors to get at a remote desktop or application that allows whoever controls it to connect to, access and control important resources and data via a remote host in the same way as a local employee. Three-quarters of the analysed ads were offering RDP access.

Indeed, Kaspersky found that most underground IABs now specialise in selling remote RDP access, and three-quarters of the analysed ads were offering RDP access.

There is also variance based on a victim’s industry and specialisations, as well as location, said Kaspersky.





Read more on Hackers and cybercrime prevention

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

USB logos finally make sense, thanks to a redesign

Published

on

By

USB logos finally make sense, thanks to a redesign


Author: Mark Hachman
, Senior Editor

As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats. He has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.

Read More

Continue Reading

Tech

Cheaper OLED monitors might be coming soon

Published

on

By

Cheaper OLED monitors might be coming soon


Author: Michael Crider
, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Read More

Continue Reading

Tech

New Pixel Watch leak reveals watch faces, strap styles and more

Published

on

By

New Pixel Watch leak reveals watch faces, strap styles and more
Google Pixel watch



The Google Pixel Watch is incoming
(Image credit: Google)

We’re expecting the Google Pixel Watch to make its full debut on Thursday, October 6 – alongside the Pixel 7 and the Pixel 7 Pro – but in the meantime a major leak has revealed much more about the upcoming smartwatch.

Seasoned tipster @OnLeaks (opens in new tab) has posted the haul, which shows off some of the color options and band styles that we can look forward to next week. We also get a few shots of the watch interface and a picture of it being synced with a smartphone.

Watch faces are included in the leak too, covering a variety of different approaches to displaying the time – both in analog and digital formats. Another image shows the watch being used to take an ECG reading to assess heartbeat rate.

Just got my hands on a bunch of #Google #PixelWatch promo material showing all color options and Watch Bands for the first time. Some details revealed as well…@Slashleaks 👉🏻 https://t.co/HzbWeGGSKP pic.twitter.com/N0uiKaKXo0October 1, 2022

See more

Full colors

If the leak is accurate, then we’ve got four silicone straps on the way: black, gray, white, and what seems to be a very pale green. Leather straps look to cover black, orange, green and white, while there’s also a fabric option in red, black and green.

We already know that the Pixel Watch is going to work in tandem with the Fitbit app for logging all your vital statistics, and included in the leaked pictures is an image of the Pixel Watch alongside the Fitbit app running on an Android phone.

There’s plenty of material to look through here if you can’t wait until the big day – and we will of course be bringing you all the news and announcements as the Google event unfolds. It gets underway at 7am PT / 10am ET / 3pm BST / 12am AEDT (October 7).


Analysis: a big moment for Google

It’s been a fair while since Google launched itself into a new hardware category, and you could argue that there’s more riding on the Pixel Watch than there is on the Pixel 7 and Pixel 7 Pro – as Google has been making phones for years at this point.

While Wear OS has been around for a considerable amount of time, Google has been leaving it to third-party manufacturers and partners to make the actual hardware. Samsung recently made the switch back to Wear OS for the Galaxy Watch 5 and the Galaxy Watch 5 Pro, for example.

Deciding to go through with its own smartwatch is therefore a big step, and it’s clear that Google is envious of the success of the Apple Watch. It’s the obvious choice for a wearable for anyone who owns an iPhone, and Google will be hoping that Pixel phones and Pixel Watches will have a similar sort of relationship.

What’s intriguing is how Fitbit fits in – the company is now run by Google, but so far we haven’t seen many signs of the Fitbit and the Pixel lines merging, even if the Pixel Watch is going to come with support for the Fitbit app.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.

Read More

Continue Reading

Trending

Copyright © 2022 Xanatan