By: Symantec Blog
Hackers looking to attack individual servers—that’s yesterday’s news. Today, cyber criminals are more interested in gaining illicit access to corporate networks and soliciting offers to sell access on the dark web. A report by Positive Technologies found the number of dark web posts hawking network access was up 69% in the first quarter of 2020 compared to the fourth quarter of 2019. Not only are the number of incidents on the rise, the price tag for access is also climbing significantly. The report found that dark web pricing for this type of access had a huge range, from $500 to $100,000. In addition, some sellers are offering a commission of up to 30% of the profit from a hack that uses their access details.
Industrial companies are also increasingly in the crosshairs of a hacking group dubbed RATicate that attacks industrial companies though the use of remote access tools (RATs) and information-stealing malware. The group targeted industrial companies in Europe, the Middle East, and Republic of Korea as part of five campaigns between November 2019 and January of this year. More recently, the group appears to have shifted tactics slightly and is using concerns about COVID-19 to convince victims to open the payloads. It’s unclear at this point whether RATicate is doing the business of corporate espionage or acting as a malware-as-a-service provider for others.
Attacks on cloud-based data are also ramping up. According to the 2020 Verizon Data Breach Investigations Report, breaches involving web applications and unsecured cloud storage nearly doubled in 2019 compared to 2018. The rise, Verizon found, can be attributed to companies moving information off-premises as well as misconfigurations. Web application attacks accounted for close to half of all breaches in 2019 (43%), and Verizon expects this vector to be more active throughout 2020 due to the shift in applications and data to the cloud fueled by remote work and COVID-19.