In the ever-evolving cybercrime economy, full administrative access to small and medium-sized businesses (SMBs) is now being openly sold on darknet marketplaces for as little as $600, according to a recent report from the Guardz Research Unit.
The investigation uncovered a disturbing rise in hackers-for-hire operating under the Cybercrime-as-a-Service (CaaS) model, targeting businesses with minimal cybersecurity protections—particularly accounting firms, legal offices, and consulting agencies. These listings offer not just data dumps or stolen credentials, but complete entry into a company’s internal systems, often through ransomware backdoors, unpatched software vulnerabilities, or compromised admin accounts.
One specific dark web post highlighted in the report offered administrator-level access to a U.S.-based law firm’s network for just $600, underscoring how easily critical business infrastructure is being monetized on underground forums.
Tal Eisner, VP of product marketing at Guardz, told TorNews.org that smaller businesses are now prime targets, not only due to the sensitive data they hold—like financial records, contracts, and customer databases—but also because of their limited budgets, lack of in-house security teams, and poor patching practices.
“Cybercriminals are treating small businesses like goldmines—because they can,” Eisner explained. “They’re easier to compromise, often unaware of the breach, and hold enough valuable data to justify the low investment.”
Unlike sophisticated state-backed actors or elite hacking crews, these freelance digital mercenaries are part of a growing CaaS marketplace, where buyers can request custom intrusions, phishing kits, ransomware deployments, or network access tokens on demand.
Access listings often include:
- Company name and region
- Internal IP ranges
- Credentials (plaintext or hashed)
- VPN or RDP details
- Level of privilege (e.g., user vs. admin)
These bundles are commonly sold with a disclaimer: “Not responsible for consequences. Access verified.” Payment is usually accepted in Bitcoin or Monero, and access is often offered with a limited-use guarantee (e.g., 48-hour access window).
Security experts warn that SMBs remain overlooked victims in broader cyber defense policies, yet they are frequently exploited as launchpads for larger supply chain attacks. A compromised law firm, for example, could lead to breaches in court systems, enterprise clients, or public institutions.
As cybercriminal marketplaces continue to thrive, researchers say the price of digital intrusion is getting cheaper—while the cost for victims keeps rising.
