Ransomware victims and network access data sold by hackers for $4 million

A study on ransomware for Q3 2022 was just released by the Israeli cyber-intelligence company KELA. Hackers allegedly sold access to 576 business networks worldwide, with a total value said to be $4 million, making it simpler to launch cyberattacks on big corporate networks.

The total requested price has now surpassed $4,000,000, even though the number of network access sales stayed the same as in Q2. For context, the total value of compromised data in Q2 2022 was $660,000, reflecting a price decrease that coincided with the summer lull in ransomware activity, which reduced demand.

According to the KELA report:

In Q3 actors offered more expensive listings since the total number of listings remained almost the same. On average, there were around 190 access listings in each month of Q3, slightly higher than in Q2.

How do these attacks begin?

Initial access brokers (IABs) are cybercriminals who buy and sell access to business networks. They often obtain that access by stealing credentials (through phishing attacks), using web shells, or finding security vulnerabilities in publicly accessible hardware.

Once a threat actor has gained access to the network, they sell that access to other hackers, who then use it to steal sensitive information, spread ransomware, or engage in other illegal activities.

A variety of factors drive IABs' decision not to use the network access themselves, from lacking the other intrusion skills required to wanting to avoid mounting legal issues. Although they were sidelined last year, when large ransomware gangs operating as criminal networks had their own IAB departments, IABs continue to play a key role in the ransomware attack chain.

Q3 2022: High demand for data breaches

The analysts at KELA saw 110 threat actors publish 576 initial access offers with a combined worth of $4,000,000 in Q3 2022. A total of 570 network access listings for sale were found by KELA in Q3 2022, with one access being offered for USD 3 million. The total asking price for all these listings was roughly USD 4 million.

Initial Access Brokers’ activity between Q1 and Q3 (KELA)

In Q2 2022, the average cost of access was about $1500, compared with the current average of $2800. The median price increased significantly, from $300 in Q2 to $1350 now. In other words, actors offered more expensive listings in Q3, since the overall number of listings was about the same.

Network Access Listing Prices in Q1-Q3 (KELA)

In another instance, a single access was being sold for the insane sum of $3,000,000, according to KELA. The validity of this listing was challenged, hence it was excluded from the Q3 ’22 figures and totals.

In Q3 2022, the top three IABs ran a significant business, selling between 40 and 100 accesses. Based on hacker forum conversations and marketplace listing removal incidents, the typical selling time for corporate access was barely 1.6 days, with the majority being of the RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) varieties.

The United States accounted for 30.4% of all IAB offers this quarter, making it the most targeted nation. This figure is close to the 39.1% share of ransomware attacks in Q3 that targeted American businesses.

IABs’ targeted countries in Q3 (KELA)

The three most targeted industries were professional services, manufacturing, and technology, with 13.5%, 10.7%, and 9.5%, respectively. Once more, ransomware attacks show a comparable ranking, highlighting the relationship between the two.

The importance of properly protecting your network from attack cannot be overemphasised, because initial access brokers have proven to be an important link in the ransomware attack chain.

This involves hiding remote access servers behind VPNs, limiting access to devices that are visible to the public, turning on MFA, and providing phishing training to prevent the theft of company credentials.