In 90% of cases, even a novice attacker can perform a successful attack using access bought on the dark web
Positive Technologies experts conducted a study of the shadow market used by cybercriminals as a foothold to attack GCC1 companies2 . According to the data, UAE and Saudi Arabian companies are the favorite targets of attackers. The most common subject of the dark web ads is the sale of access and data. The minimum cost of access is as low as $35, with more than half of such posts advertising a price of between $100 and $1,000. In the vast majority of cases, access is granted with administrator rights, making it much easier for even inexperienced attackers with limited budgets to attack companies.
UAE and Saudi Arabian companies are most frequently mentioned in the ads (46% and 23% ads, respectively). These countries are associated with oil production and wealth, which apparently attracts cybercriminals.
Government and finances are the most popular economic sectors discussed on the dark web (30% and 20% of posts, respectively): hacktivists and ransomware gangs focus their efforts on these areas.
33% of all the ads are related to the sale or distribution of data, including companies' databases and credentials (names, email addresses, and so on). This information can be used in various attacks, including phishing and extortion. Experts point out that a third (31%) of all data discussed on the dark web is distributed for free, which means all sorts of attackers can use it.
The sale of access to companies' infrastructures was the second most popular theme on the dark web (22%). According to our study, this service costs an attacker between $35,000 and $40,000.
Positive Technologies analyst Anastasiya Chursina comments: "It is important to note that in most cases, access is very cheap ($100–1,000), and in the vast majority of cases (90%) it comes with administrator rights. In other words, even the most inexperienced attacker with a small budget doesn't need to modify the "product" in any way: it can be used to successfully attack a target company as is. Some ads, however, offer expensive access to major companies in the region. The buyers in these cases are hackers with more advanced skills preparing to conduct sophisticated attacks."
Such active trade of data and access to companies' infrastructures coupled with cheap cyberservices and low attacker skill requirements make the information systems of the GCC region's companies extremely vulnerable. Experts recommend that companies build their defenses taking into account all possible threats and cyberattack scenarios and use modern tools such as application level firewalls, network traffic analysis systems, and solutions for collecting and analyzing information about security events.
- Gulf Cooperation Council (GCC), consists of six countries—Saudi Arabia, Kuwait, the United Arab Emirates, Qatar, Bahrain, and Oman.
- We analyzed 252 Telegram channels and dark web forums (8,884,023 users and 91,484,658 posts total). These included multilingual platforms centered around various subjects.
