According to a new report from KELA, in the third quarter of this year, hackers sold access to 576 corporate networks around the world.
You can also read about Criterias that ransomware gangs use to choose their target.Experts report that, in general, the market for selling access shows stable activity, but recently there has been a sharp increase in the cost of offers in this area. Although the number of offers has remained roughly the same as in the previous two quarters, the total cost of accesses already reaches $4,000,000. For comparison: in the second quarter this figure was $660,000.
In total, the researchers found 110 attackers on the network who posted 576 offers to sell access. The total cost of these “lots” was approximately $4,000,000, and the average price of access to someone else’s network is estimated at $2,800 (median cost – $1,350).
In addition, experts observed a case where one person was asked for just $3,000,000 for access. However, this case was not included in the statistics, as KELA had doubts about the authenticity of the hacker’s statements.
Basically, according to the researchers, only three large access sellers are most active in the “market”, each of which offers from 40 to 100 accesses for sale.
Judging by the discussions on hacker forums and the time it takes from posting to closing ads, the average time to sell enterprise access is only 1.6 days, and most of them are related to RDP and VPN.
Most often, companies and organizations from the United States, which account for up to 30.4% of all offers, become the targets of attackers. This statistic echoes in an interesting way the activity of ransomware groups, 39.1% of which targeted U.S. companies in the third quarter of 2022.
As for the most attractive sectors for hackers, this list is headed by professional services, manufacturing and technology (13.4%, 10.8% and 9.4% respectively). Again, this clearly correlates with ransomware activity, which most often targets these companies. Experts conclude that the data collected once again underlines the close relationship between access brokers and their “colleagues”.
