Online shopping, online payment, registrations forms and a lot of online experiences nowadays business offer to their clients, therefore you can find a lot of those clients use their personal details and payment details here, and these details can be saved in the company databases and used in a deferent ways.
Regrettably, the escalating volume of stored data has transformed these platforms into prime targets for cybercriminal activities, so the attackers trying to access these platforms and get the details stored within.
The first thing you need to do to defense is to know your enemy, that’s why we continually monitor dark web forums and messaging platforms to evaluate potential risks for various, which is something can help us to secure our customers’ data and information.
In this article we will give like an idea about dark web hackers’ interest to the GCC region, highlight the most popular topics and sectors, as well as analyze the cost of provided services and products, based on a research made by our partner “Positive Technologies” recently.
The research analyzed 252 Telegram channels and forums on the dark web with a total of 8,884,023 users and 91,484,658 messages. The sample included the biggest Multilanguage platforms dedicated to various subjects, also studied the period from January, 2022 to the end of June, 2023 related to the GCC region: the UAE, Saudi Arabia, Bahrain, Oman, Qatar, and Kuwait.
The study showed that The UAE and KSA are the most mentioned countries in published messages and advertisements, of course because they are associated with oil industry.
The research showed also that the hackers most commonly target the government and financial institutions because of political motives or ransomware.
Now why the hackers attack those different sectors? Actually there is so many reasons, but the most interest in such categories is getting data and access.
A third of all advertisements are related to data: corporate databases and account data, including bank accounts. Attacking corporate web resources, hackers gain information that may contain personal data and credentials of employees and clients. The data may be later used by other malicious actors to attack organizations.
As we see 22% of all advertisements offer access to infrastructure of organizations in different sectors. Access and data are highly interconnected. Attackers obtain access on forums and use it to infiltrate a company’s infrastructure to perform further attacks on the company network. As a result, attackers may gain data that is later sold on forums or distributed for free.
Every third advertisement with an access offer gives an opportunity to connect to a company network with the use of VPN or RDP.
The below figure shows the percentage for a different access types
The cost of access ranges from $35 to $40,000. At the same time, in most cases (49%) the cost of access is below average and ranges from $100 to $1000.
The study showed us that At the end of 2022 and in the beginning of 2023 the number of messages in the access category reached its maximum.
As a conclusion we can see that it is easier to access the company resources and data with the large numbers of the low cost offers as we saw, therefore, a company’s cybersecurity strategy should consider all possible threats and attacks scenarios and use updated and new security tools, such as: SIEM, XDR, NTA and more.