Work-from-home enhances risk of hacking for Indian businesses

Access to over 50 networks of major companies was for sale on the dark web by the end of 2019.

Access to over 50 networks of major companies was for sale on the dark web by the end of 2019.   | Photo Credit: anyaberkut

Offers to sell access to hacked sites up 62% in first quarter of 2020, reveals study

The increasing shift towards a work-from-home culture could raise hacking incidents and data security risks for businesses, according to cyber security experts.

Offers to sell access to hacked corporate networks on the dark web went up by 62% in the first quarter of 2020, compared to the same period in the previous year, according to a recent study by a global cyber security firm. While 8.1% of the companies hacked around the world last year were Indian, the number could rise with the work-from-home phenomenon, experts reckon.

The study into ‘access for sale’ based on observations of the dark web was conducted by Positive Technologies, a London-based cyber security firm, which released its report on Wednesday. The report says the dark web is “packed with offers to purchase access to corporate networks.”

The dark web, as the name suggests, allows users to remain untraceable, and is used for illegal activity.

According to the report, while earlier, cyber criminals were more interested in selling or buying access to individual networks, the trend shifted to corporate networks in the second half of 2019. With demand growing, access to over 50 networks of major companies around the world was available for sale on the dark web by the end of last year.

“The first ones to use this scheme were ransomware operators, who bought access for a fixed price from one set of criminals and then hired other criminals to infect local networks with malware in return for a large percentage of the victim’s ransom. On dark web forums, this set-up is known as a ‘ransomware affiliate programme’,” the report said.

U.S.-based companies were the biggest targets, with those in the U.K., Italy and Brazil following close. India, along with Spain and Poland, had 8.1% such companies in the list.

The concern is that with more companies promoting work-from-home culture, the absence of basic cyber security hygiene may lead to this number growing. Most Indian users do not follow basic security measures like changing passwords often or not opening unverified links on email, officials said.

“Any unsecured machine connected to the network can end up compromising it, granting access to hackers. Basic cybersecurity hygiene like changing passwords constantly, using only secure internet connections and not opening unverified content on the part of each cog in the machine can go a long way in ensuring network security,” said Special Inspector General of Police and cyber expert Brijesh Singh.

“Large companies stand to become a source of easy money for low-skilled hackers. Now that so many employees are working from home, hackers will look for any and all security lapses on the network perimeter,” said Vadim Solovyov, senior analyst with Positive Technologies, in a statement released on Wednesday.

The larger the hacked company and the higher the privileges, the more profitable the attack becomes, he said. To stay safe, companies should ensure comprehensive infrastructure protection, making sure that all services on the perimeter are protected and security events on the local network are monitored to detect intruders in time. “Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes,” he said.

Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | Jul 14, 2020 7:07:20 PM |

Next Story