The study includes a quantitative and qualitative analysis of a sample of 46 network accesses offered for sale on underground forums. Of this sample, seven vendors accounted for more than half of the access points sold, which represents a broader trend of concentrated attacks by hackers dependent on specific vendors. In 40 ads for the sale of access to hacked networks, the location of the victims’ organizations was indicated. 40% of the hacked companies were located in the USA or Canada.

According to experts, 10 of the 46 hacked companies worked in the telecommunications industry, while financial services, healthcare and pharmaceuticals, energy and industry ranked second in popularity.

As the results of the study showed, more than 37% of all victims in the data sample were from North America, while the average access price was $9640. Access to a major telecommunications service provider in Asia with an annual revenue of more than $1 billion cost $95 thousand.

According to the researchers, the darknet forums make it possible to create a decentralized system in which less experienced cybercriminals can rely on each other to solve various tasks, allowing most ransomware operators to simply buy access from others.

The network access offered varies from system administrator credentials to full remote network access.

As millions of people switched to remote operation due to the coronavirus pandemic (COVID-19), sales of network access have grown significantly over the past 18 months.

Sometimes attackers realize that there is no data in the hacked network that can be stolen or sold, as a result of which they decide to sell access to extortionate groups. Messages offering compromised access to the network include information about the victim, the form and the level of access. Sometimes victims are identified by location, industry or sector, and income information is often included. Descriptions may also include the number and types of computers on the network or the types of files and data they contain.[2]