How much do you think access to your company is worth? More specifically, how much does it cost to break into your company?
Just $2,100 (R36,000) in the Middle East, Turkey, and Africa (META) region says cybersecurity firm Kaspersky, reaching $4,000 (R70,000) globally.
No wonder 1,270,617 user accounts were hacked in 2021-2022, according to the company’s research, after their devices were infiltrated and their details posted on the so-called Dark Web. This is the unseen internet beloved by criminals, drug dealers, CSM distributors, and other cyber criminals, who use these hard-to-find servers, chat forums, instant messaging services and sites to trade in their nefarious goods.
“Sensitive data stolen from companies during cyberattacks often ends up on Dark Web markets and forums…. Not only corporate data itself is for sale, but also the information necessary for access to corporate networks to organise that attack,” says Yuliya Novikova, Kaspersky’s head of security services analysis.
It also highlights the evolving nature of cybercriminal operations, where some criminal gangs steal such login details, and then sell them to other gangs to do the actual attack – often to inject ransomware.
The average cost for access to corporate systems ranges from $2,000 to $4,000, which is “relatively inexpensive compared to the possible damage to the targeted business. Such services are of prime interest to ransomware operators, whose profit may reach tens of millions of dollars a year”.
However, 42% of all offers globally for such access details are cheaper than $1,000 (R17,200), warns Kaspersky, while 75% of exploits use the remote desktop protocol, producing a more sinister version of the RDP acronym that most South Africans know from housing.
In the past two years in the META region, the cybersecurity firm found access details for over 100 companies, with an average revenue of $500 million. Those Dark Web offers account for 8% of all such global details, with $25,000 (R430,000) being the most expensive.
“While the Dark Web seemed impossible to control in the past, now the situation is changing,” says Novikova. “Businesses can act to give fraudsters less opportunity to make dark web profits out of their data. Organisations should protect their data from being stolen with strong data security practices, including data encryption, and educating employees on how to avoid accidentally giving cybercriminals access”.
Or, as Eugene Kaspersky, the company’s larger-than-life CEO, recently put it on Reddit: “Stop trusting everyone on the internet”.
Cybersecurity needs to become a priority
Speaking at a Kaspersky security summit last month, the eponymous founder said cybercriminal gangs are getting more sophisticated and target different aspects of the security systems. These are gangs are known as advanced persistent threat (APT) operators.
“There are more and more criminals and hackers joining the cybercrime business and more and more people developing malware,” he says. “These are huge numbers. The numbers are scary, and it’s getting bigger; cybercriminals are more active and there are more people in this business.”
The increase in such groups is concerning: “Five years ago, we had about 100 APT groups. Right now, it’s about 900. Most of them are state-sponsored and use espionage tools,” he says. “Three years ago, we had 340,000 new malicious applications every day. Now we have more than 400,000 new unique malicious files. It’s our daily catch.”
The problem is that the world is much better connected than it was during the dial-up internet days. Such ubiquitous connectivity makes it easier not just for the average person to get online but also for hackers to access businesses and home devices.
Read More: How to beef up your cybersecurity
“Today’s hyper-connected world requires us to reconsider the way we do cybersecurity,” warns Kaspersky’s CEO, while the increasing sophistication of the bad actors means it’s “unfortunately getting more complicated to protect against these”.
Just under a third of all security incidents in the META region involved ransomware, the firm’s researchers found, mostly aimed at government, IT and industrial sectors.
There was a 34% increase in targeted ransomware attacks in Africa. Globally 53% of infiltrations happen through public-facing applications, followed by compromised accounts (18%) and malicious emails (14%).
Amazingly, says Ayman Shaaban, Kaspersky’s digital forensics and incident response manager, “in 30% of the security incidents, attackers made usage of legitimate tools used by organisations”.
Cybersecurity is now utterly essential for any business, as important as the productivity software or talent of the staff. This is especially true in the context of countries such as China, Russia and North Korea actively encouraging hackers to attack Western targets, or at best looking the other way when they do. Like the invasion of Ukraine, where cyber-attacks are as much a part of Russia’s strategy as tanks and missiles, cyber warfare is increasingly part of these rogue regimes’ attacks.
Ransomware is also on the rise across the world, and companies need to have backups of their data – or risk being at the mercy of cybercriminals. Many desperate and foolish firms attempt to pay the ransom – always in cryptocurrency – but seldom see their data returned. Why would a blackmailer stop blackmailing a victim foolish enough to pay the first time?
This article first appeared in the Financial Mail.