Tag: META region

  • $2,100; Price of Your Company’s Sensitive Data on Dark Web

    Sensitive data stolen from companies during cyberattacks often ends up on Dark web markets and forums. With the rise of the cybercrime-as-a-service business model, Kaspersky researchers found that not only is corporate data itself for sale, but so is the information needed to access corporate networks and organise an attack.

    Globally the average cost for access to corporate systems is in the range from $2,000 to $4,000, and in the META region the average price for access to corporate infrastructure is $2,100.

    This is relatively inexpensive compared to the possible damage to the targeted business. Such services are of prime interest to ransomware operators, whose profit may reach tens of millions of dollars a year.

    The Dark web is a common term that is used to describe different resources used by cybercriminals – forums, instant messengers, Tor websites, blogs, Pastebin and similar websites, and others. The Dark web is also a multifunctional platform and market for any need – from attack preparation to money withdrawal.

    Ways the attackers can get access to corporate data

    The first way is by exploiting vulnerabilities on the network perimeter. These can be unpatched software with available exploits, vulnerabilities in web applications, misconfigured services or zero-day vulnerabilities.

    Another way is by phishing attacks. Most common attack scenarios include fake business correspondence from partners, fake links for online meetings or documents, and COVID-related emails.

    Finally, access can be gained by infecting user devices (personal or corporate ones) with a data stealer. Data gets stolen while users continue to work on their device, then the stolen data is transferred to Command and Control servers, packed in files, which are then published on Dark web forums and put on sale. In South Africa, 1,270,617 accounts of users were stolen this way in 2021-2022. In Kenya, 375,011 accounts of users were stolen during the same period.

    Selling access on the dark web

    Once an attacker gains access to the organisation’s infrastructure, they can then sell this access to other advanced cybercriminals, for example, ransomware operators.

    The price for accessing potential victims’ systems is relatively inexpensive when compared to the possible damage that can be done afterwards. The average cost for access to a company’s systems lies in the range from $2,000 to $4,000.

    The cost of initial access depends on the victim company’s revenue and price. Globally 42% of all offers for the sale of access are cheaper than $1,000.

    The majority (75%) of all lots offer initial access through Remote Desktop Protocol (RDP), making the access for buyers easy.

    Other types include access through virtual network computing services, through web shell, through Citrix access or SQL injection.

    While companies from the META region account for 8% of all offers globally on the sale of access to corporate infrastructure, their access is sold at a high price – the most expensive offer stood at $25,000. The average price for access to corporate infrastructure in the META region is $2,100.

    The most expensive offers that were found were for companies from Saudi Arabia, the UAE and Israel (starting from $5,000).

    Access to over 100 enterprises in META with an average revenue of $500 million has been up for sale on the Darknet over the past 2 years.

    Protecting businesses from dark web criminals

    “While the Dark web seemed impossible to control in the past, now the situation is changing. Businesses can act to give fraudsters less opportunity to make dark web profits out of their data. Organisations should protect their data from being stolen with strong data security practices, including data encryption and educating employees on how to avoid accidentally giving cybercriminals access,” comments Yuliya Novikova, Head of Security Services Analysis at Kaspersky. “Dark web monitoring should be considered as a threat intelligence data source for cybersecurity staff – CTI analysts, SOC analysts, and others. It will allow them to react immediately to security incidents such as offers to sell access to the company and help to prevent data breaches. Digital Footprint Intelligence introduced within the Kaspersky Threat Intelligence portal provides access to insights from a range of validated sources worldwide, allowing companies to mitigate the impact of cyberattacks and identify potential threats before they become incidents.”

  • META region: 38% of Industrial Computers Hit by Cyberattacks in Nine Months

    From January to September 2022, computers in the industrial control systems (ICS) environment were attacked using multiple means.

    In the META region, malicious objects were blocked on 38% of ICS computers in the region that were protected by Kaspersky solutions, according to Kaspersky ICS CERT statistics.

    Globally the share of ICS computers with blocked malicious objects stands at 31.8%. APT attacks on industrial systems are expected to get even more sophisticated in the coming months.

    ICS computers are used in oil & gas, energy, automotive manufacturing, building automation infrastructures and other spheres to perform a range of OT functions – from the workstations of engineers and operators to supervisory control and data acquisition (SCADA) servers and Human Machine Interface (HMI).

    Cyberattacks on industrial computers are considered to be extremely dangerous as they may cause material losses and production downtime for the controlled production line and even the facility as a whole.

    Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology and macroeconomics.

    During the three quarters of 2022 in the META region ICS computers in the oil and gas sector faced attacks most often (39.3% of them got attacked). Attacks on building automation systems were in second place – 38.8% of ICS computers in this sector were targeted. The energy sector was also among the top-3 environments that got attacked (36.8% of computers there were affected).

    [Figure: Industrial Computers Hit by Cyberattacks in Nine Months. Source: Kaspersky]

    In total in January-September 2022 various types of malicious objects were blocked on 38% of ICS computers in the META region.

    Of these, most attacks on ICS infrastructure came from the Internet (28.2%). 9.9% of attacks were made through email clients. 7.0% of attacks were conducted through removable media, 0.9% – through network folders.

    In Nigeria, various types of malicious objects were blocked on 38.7% of ICS computers between January-September 2022.

    Of these, 19.4% came from the Internet and 3.5% of attacks were made through email clients. 10.7% of attacks were conducted through removable media.

    APT attacks on industrial systems are expected to get even more sophisticated in the coming months.

    The targets will be organisations in agriculture, logistics & transportation, energy (mining, chemical, machine tool industry) sectors, as well as the sectors of renewable energy and Hi-Tech.

    Another trend seen by Kaspersky for the remainder of 2022 and the next year is the rise of ransomware in ICS environments.

    Ransomware groups have come a long way: scattered gangs have become organised businesses and formed a full-fledged industry. We are seeing more cases where ransomware attacks, including those on ICS computers, are performed manually, in a time-consuming, yet efficient manner.

    “The period of global instability provokes a global semiconductor shortage. In turn, that causes companies to lower their budgets on cybersecurity, which becomes a critical issue in 2022-2023, especially in view of the evolving threat landscape. Critical industrial infrastructure solutions will be a new target for cybercrime,” says Vladimir Dashchenko, Kaspersky Industrial Control Systems Cyber Emergency Response Team expert.

  • Africa: Phishing and Scams Hit the Roof with 234% Increase in Q2 2022

    Kaspersky analysis has revealed that attacks related to data loss threats (phishing and scams/social engineering) increased significantly in Africa in Q2 2022 in comparison with the previous quarter: the company’s security solutions detected 10,722,886 phishing attacks in Africa in Q2.

    Social engineering scams, sometimes called “human hacking”, are used in many ways, and for different purposes, to lure unwary users to a site and trick them into entering personal information.

    The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.

    In the wrong hands, this opens doors to various malicious operations, such as money being stolen, or corporate networks being compromised.

    Phishing is a strong attack method because it is done at a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.

    Phishers deploy a variety of tricks to bypass e-mail blocking and lure as many users as possible to their fraudulent sites.

    A common technique is HTML attachments with partially or fully obfuscated code. HTML files allow attackers to use scripts, obfuscate malicious content to make it harder to detect, and send phishing pages as attachments instead of links.

    According to Kaspersky data, attacks related to data loss threats grew by 234% in Africa in the second quarter of 2022. Within Africa, Kenyan users were affected the most by this type of threat: there were 5,098,534 phishing attacks detected in 3 months – a growth of 438% when compared to the previous quarter.

    It was followed by South Africa (4,578,216 detections and a growth of 144%) and Nigeria (1,046,136 detections and a growth of 174%).

    In particular, while vacation season is at its height, scammers are trying to lure travelers who are looking for interesting places to go, cheap places to stay and reasonably priced flights.

    Kaspersky researchers have observed intensified scamming activities, with numerous phishing pages distributed under the guise of airline and booking services.

    The number of attempts to open phishing pages related to booking and airline services in the first half of 2022 was 4,311 in the META region.

    “Planning a vacation is not easy. People can spend weeks, even months, looking for the perfect place to stay and the tickets to get them there. Fraudsters use this to lure users that have grown tired of searching for great deals. After two years of flight restrictions imposed by the pandemic, travelling is back. But so are travel scams – with intensified scamming activity targeting users through fake booking and rental services. Such attacks are totally preventable, which is why we urge users to be skeptical about overly generous offers. If an offer seems too good to be true, it probably is,” comments Mikhail Sytnik, security expert at Kaspersky.

  • 5 Steps to take after employee information leakage

    A recent Kaspersky Employee Wellbeing 2021 report reveals that while organisations regularly face employee data leakage, 36% of respondents from the META region prefer not to disclose these incidents publicly.

    At the same time, staff may lack basic cybersecurity knowledge to protect themselves as only 38% of businesses offer IT security training.

    According to the report, lack of external knowledge about potential cybersecurity incidents is not usually mitigated by internal efforts.

    According to the research, only 38% of organisations have already implemented security education and training to ensure that employees are provided with crucial information.

    In addition, more than seven in ten (76%) of those companies have experienced at least one issue relating to the quality of these services.

    This includes dissatisfaction with the high complexity of courses and a lack of support or expertise on the part of the training provider.

    Employees who have not been provided with basic knowledge about the importance of protective measures can’t be expected to follow the rules.

    In 2021, compliance of staff and dealing with insufficient end-user security culture is one of the top three biggest concerns for businesses when it comes to IT security – 38% of respondents cited it among the most alarming issues.

    In practice, companies regularly face informational security infringements (50%), inappropriate IT resource use (53%), and improper sharing of data via mobile devices (50%).

    Breach prevention requires concerted action by everyone who interacts with a corporate system and could be a potential target for attackers.

    To better secure employees, companies should combine reliable protective measures with maintaining security awareness among their teams.

    These include:

    1. Ensuring prompt patching and updating of software to prevent adversaries from penetrating the system.
    2. Implementing high-grade encryption for sensitive data and enforcing strong credentials and multi-factor authentication.
    3. Using effective endpoint protection with threat detection and response capabilities to block access attempts, and managed protection services for efficient attack investigation and expert response.
    4. Minimising the number of people with access to crucial data. Breaches are more likely to occur in organisations where too many employees work with confidential and valuable information that can be sold or somehow used.
    5. Equipping your employees with the cybersecurity skills they need.

    There is a need for the organisation to provide education that presents all the necessary and up-to-date information in an engaging format.

    To save time and receive a quality service, companies should work with globally recognised providers that can ensure an efficient learning process.
