Kaspersky: $2,100 Is The Average Price For Access To Corporate Data On Dark Web In Middle East, Turkey And Africa Region


Nov. 23, 2022, 11:57 a.m.

Sensitive data stolen from companies during cyberattacks often ends up on Dark web markets and forums. With the rise of cybercrime as a service business model, Kaspersky researchers found that not only corporate data itself is for sale, but also the information necessary for access to corporate networks to organize that attack. Globally the average cost for access to corporate systems ranges from $2,000 to $4,000, and in the META region, the average price for access to corporate infrastructure is $2,100. This is relatively inexpensive compared to the possible damage to the targeted business. Such services are of prime interest to ransomware operators, whose profit may reach tens of millions of dollars a year.

The Dark web is a common term that is used to describe different resources used by cybercriminals – forums, instant messengers, Tor websites, blogs, Pastebin and similar websites, and others. The Dark web is also a multifunctional platform and market for any need – from attack preparation to money withdrawal.

Ways the attackers can get access to corporate data

The first way is by exploiting vulnerabilities in the network perimeter. These can be unpatched software with available exploits, vulnerabilities in web applications, misconfigured services, or zero-day¹ vulnerabilities.

Another way is by phishing attacks. Most common attack scenarios include fake business correspondence from partners, fake links for online meetings or documents, and COVID-related emails. 

Finally, access can be gained by infecting user devices (personal or corporate ones) with a data stealer. Data gets stolen while users continue to work on their devices, then the stolen data is transferred to Command and Control servers, packed in files, which are then published on Dark web forums and put on sale. In South Africa, 1,270,617 accounts of users were stolen this way in 2021-2022. In Kenya, 375,011 accounts of users were stolen during the same period.

Selling access on the dark web

Once an attacker gains access to the organization’s infrastructure, they can then sell this access to other advanced cybercriminals, for example, ransomware operators. The price for accessing potential victims’ systems is relatively inexpensive when compared to the possible damage that can be done afterward. The average cost for access to a company’s systems lies in the range of $2,000 to $4,000. The cost of initial access depends on the victim company’s revenue and price. Globally 42% of all offers for the sale of access are cheaper than $1,000. The majority (75%) of all lots offer initial access through Remote Desktop Protocol (RDP), making access for buyers easy. Other types include access through virtual network computing services through web shell, Citrix access, or SQL injection.

Do you have an article that can be relevant to the African Tech space?

Submit your news stories, articles or press releases to


While companies from the META region account for 8% of all offers globally on the sale of access to the corporate infrastructure, their access is sold at a high price – the most expensive offer stood at $25 000. The average price for access to corporate infrastructure in the META region is $2,100. The most costly offers that were found were for companies from Saudi Arabia, the UAE, and Israel (starting from $5,000). Access to over 100 enterprises in META with an average revenue of $500 mln has been up for sale on the Darknet over the past 2 years.

Protecting businesses from dark web criminals

“While the Dark web seemed impossible to control in the past, now the situation is changing. Businesses can act to give fraudsters less opportunity to make dark web profits out of their data. Organizations should protect their data from being stolen with strong data security practices, including data encryption and educating employees on how to avoid accidentally giving cybercriminals access,” comments Yuliya Novikova, Head of Security Services Analysis at Kaspersky. “Dark web monitoring should be considered as a threat intelligence data source for cybersecurity staff – CTI analysts, SOC analysts, and others. It will allow the immediate reaction to security incidents such as offers on selling access to the company and help to prevent data breaches. Digital Footprint Intelligence introduced within the Kaspersky Threat Intelligence portal provides access to insights from a range of validated sources worldwide, allowing companies to mitigate the impact of cyberattacks and identify potential threats before they become incidents.”
¹A zero-day vulnerability is an unknown software bug discovered by attackers before the vendor has become aware of it. Since the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed unexpectedly.


tag: Kaspersky, Turkey, Dark Web, Corporate Data, Africa Region, Middle East,


Digital Times Africa Author

We curate relevant and credible content for startups, entrepreneurs and technology lovers in Africa.