.jpeg) |
| Ilustrasi (IST) |
Kaspersky, a cyber security company, conducted research and revealed that there is a high demand on dark web sites for data . obtained from cybercrimes
That data, not only for data obtained from cyberattacks, but also data and services needed to carry out attacks. For example, the data needed to perform certain stages of a multiphase attack.
Once cyberattackers gain access to a company's infrastructure, they can sell that access to other cybercriminals, for example to ransomware .
Kaspersky researchers report, data access for large enterprise infrastructure typically ranges from US$ 2000-USS4000 (IDR 30-60 million). But actually there is no limit to the price offered. Data for companies with revenues of US$465 million can be offered for US$50,000 (IDR741 million).
“We are seeing an increasing market for the data needed to carry out attacks. Being able to view various resources on the dark web is important for companies looking to enrich threat intelligence,” said Sergey Shcherbel, Kaspersky Security Specialist in a press release, Monday (27/6/2022).
Kaspersky researchers analyzed more than 200 posts on the dark web offering to purchase early access information on company forums, with the intent of determining what type of company data is being sold, as well as what criteria cybercriminals use to price a company's data.
Mentioned, most posts (75%) sell RDP ( Remote Desktop ) access. They provide access to hosted remotely
One of the most important components in pricing early access is the amount of money an attacker can get from an attack using that access. There is a reason why ransomware are prepared to pay thousands, even tens of thousands of dollars, to infiltrate corporate networks.
“Companies that are targeted can lose up to millions of dollars. The most active ransomware perpetrators last year were estimated to have received $5.2 billion in transfers in the last three years," added Sergey.
Sergey explained, in addition to encrypting company data, cybercriminals also stole the data. They would then post the stolen data on blogs , primarily as evidence, and extra bargaining power, to threaten to post more data if the company didn't pay the ransom they demanded within a certain timeframe.
"Quick information regarding planned attacks, discussions around vulnerabilities, and data leak events will help reduce attack surface (the number of points that can be a source of data leaks) and take appropriate steps," said Sergey
EmoticonEmoticon