Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity & Business Resilience

8 companies per day have data uploaded to dedicated leak sites

By Security Staff
computer screen with code

Image via Unsplash

January 31, 2023

The number of companies that had their information uploaded onto dedicated leak sites (DLS) between the second half of the financial year (H2) 2021 and the first half of the financial year (H1) 2022 was up 22%, year on year, to 2,886, which amounts to an average of eight companies having their data leaked online every day, says a recent report, Hi-Tech Crime Trends 2022/2023, by Group-IB’s Threat Intelligence division.

One of the driving factors of this trend is the ever-increasing impact of affiliate programs, also known as the Ransomware as a Service (RaaS) model. Over the past year, ransom demands from cybercriminals operating according to the RaaS framework have risen significantly.

For the second consecutive year, researchers observed the increasing impact of initial access brokers (IABs) on the ransomware market. The report noted 2,348 instances of corporate access being sold on dark web forums or privately by IABs, twice the amount of the preceding period. The number of brokers also grew from 262 to 380 over this period, leading to a drop in prices. The average price for one access fell by around 50% to $2,800 making the attacks of ransomware gangs and other threat actors more affordable. The increased number of offers coupled with the reduced average price brought the size of the initial access market down by 8.5% to $6,555,332. U.S. networks and manufacturing companies became the most sought-after target. Compromised remote desktop protocol (RDP) (36%) and virtual private network (VPN) (37%) accounts became the types of access most frequently offered for sale, according to the report.

IABs expand worldwide presence

Of the 2,348 instances of corporate access being offered for sale during the period from H2 2021 to H1 2022, 2,111 offers contained information about the country, and 1,532 specified the victim’s industry. And, IABs have significantly expanded their presence worldwide. The number of countries where they broke into corporate networks increased by 41% from 68 to 96 during H2 2021 to H1 2022. U.S.-based companies were the most popular commodity among the IABs, with almost a quarter of all discovered access offers related to U.S. companies (558). According to the report, the industries most affected by IABs were manufacturing (5.8% of all companies), financial services (5.1%), real estate (4.6%) and education (4.2%).

Report researchers also collected information on the types and rights of access offered on dark web forums. They identified a total of 1,757 offers containing information about the access type and 1,329 ads with information relating to privileges. Overall, 70% of the access types put up for sale were RDP and VPN accounts, underscoring the importance of having an up-to-date digital asset inventory. Access with administrator rights (local administrators in the case of Active Directory) was the most commonly offered, accounting for 47% of all ads. In 0.5% of cases analyzed, cybercriminals were able to obtain enterprise admin rights.

In addition to dark web forums, IABs also buy and sell access on underground markets, which are automated platforms for trading any type of data, including bank card details, access to personal and corporate accounts, RDP, access to servers and website administrator panels. During the review period, Group-IB detected over 290,000 web shells and 65,000 instances of RDP access being sold on cybercriminal markets. Web shells are malicious scripts that allow cybercriminals to maintain persistent access on compromised web servers.

Increasing use of ransomware

Across the globe, 2,886 companies had their information, files and data published on ransomware DLS between H2 2021 and H1 2022, a 22% increase compared to the 2,371 companies affected during the previous period (H2 2020 to H1 2021). The report noted that the actual number of ransomware attacks is believed to be significantly higher as many victims pay the ransom and some ransomware gangs do not use DLS. As with the preceding year, the number of ransomware-related data leaks peaked in the final quarter of 2021, when the data of 881 companies was shared on dedicated leak sites.

Report analysts were also able to discover that companies based in North America (54.5% of companies whose data was leaked by ransomware gangs) and Europe (29.7%) were the most affected. When data from companies in individual countries is taken into account, it appears that ransomware gangs often targeted companies in the U.S. A total of 1,237 U.S.-based companies (43% of the global total), had their data published on DLS between H2 2021 and H1 2022. Rounding out the five most-affected countries are Germany (147 companies), United Kingdom (138), Canada (128) and Italy (124). The report revealed that, globally, the largest number of ransomware-related data leak victims were found in the following sectors: manufacturing (295 companies), real estate (291), professional services (226) and transportation industries (224).

More details from the report can be found here.

KEYWORDS: Dark Web data initial access brokers (IABs) Networks ransomware research

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber6-900px.jpg

    Two Out of Three Hotels Inadvertently Leak Guests' Private Data

    See More
  • Laptop open on desk next to lamp

    94% of Fortune 50 Companies Have Employee Identity Data Exposed by Phishing Attacks

    See More
  • Security Newswire

    Day Care Sites to Get ID Scanners

    See More

Related Products

See More Products
  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing