Cyber criminals are eager to gain access to corporate infrastructure, which is why it has become one of the most popular topics on Darknet forums, accounting for 12% of all messages in trade forum sections analysed.
“For cyber criminals, it comes down to making as much profit as possible from the initial access gained. They sell anything from valid credentials and user and admin cookies for Web panels to details on remote command execution vulnerabilities and access to an already uploaded Web-shell,” she says.They exploit vulnerabilities such as unpatched software, misconfigured services, zero-day attacks, and known vulnerabilities in Web applications.
She says upon analysing nearly 200 posts on the Darknet where initial access to companies’ data was being offered, Kaspersky found that 75% of the posts offered the initial access through remote desktop protocols , each with different privileges that ranged from domain admin, local admin, and regular user rights.
The demand for corporate data on the black market is significant. Kaspersky’s research shows that a large amount of initial access to companies’ data is being offered via RDP, shining the spotlight on the need for local businesses to gain visibility across the Darknet to enrich their threat intelligence, particularly in regions where remote or hybrid working models are employed.