More and more cybercriminals are selling access to compromised corporate networks, taking advantage of the growing demand from groups looking to launch ransomware attacks.
Researchers at cybersecurity firm Group-IB analyzed activity on underground forums and found a sharp increase in the number of offers to sell access to compromised corporate networks.
The number of such messages tripled between 2020 and 2021.
A clear trend
Sellers claim to offer compromised virtual private network (VPN) access and remote desktop (RDP) access, as well as web shells, reverse shells, Cobalt Strike penetration testing tools, and more.
With this access, cybercriminals can enter corporate networks and try to obtain usernames and passwords or administrator rights that give them greater control of the network.
In the clandestine forums analyzed, the number of offers to sell access to corporate networks went from 362 to 1,099, tripling in just one year, and the report warns that this increase is “one of the clearest trends in underground forums”.
A variable price
The sectors most affected by these access resales are industry, education, finance and healthcare.
The cost of access varies considerably. It can sometimes be offered for a few thousand dollars, an amount that a ransomware team could recover multiple times in the event of a successful attack. But there is a direct correlation between the value of access and the victim’s business income: the higher their income, the higher the price.
One of the main reasons for the increase in the number of vendors is the demand that comes from the growth of ransomware attacks. Ransomware groups need access to networks, and acquiring access is easier and less time-consuming than compromising the networks themselves.
“Ransomware operators are the main ‘clients’ of initial access broker services,” Dmitry Shestakov, head of cybercrime investigation at Group-IB, told ZDNet. “This unholy alliance between ransomware agents and ransomware-as-a-service affiliate program operators has led to the rise of the ransomware empire.”
Teleworking has facilitated the development of this cybercrime
The growth of the compromised access market is also explained by the fact that the skill threshold is relatively low to participate in this type of cybercrime. Less sophisticated cybercriminals can use phishing attacks or buy out-of-the-box malware to steal information.
The report also suggests that gaining that initial access has become easier due to the rise of telecommuting, leading many organizations to inadvertently use insecure or misconfigured applications that can be easily exploited by cybercriminals.
And as long as there are unsecured accessible networks and demand from other cybercriminals to buy access to these networks, the market for access brokers is expected to continue to boom. “We expect the number of brokers and access offers to increase. As supply increases to meet demand, we expect the price of initial access to corporate networks to decrease,” warns Dmitry Shestakov. “Ransomware will continue to be the primary means of monetizing access to corporate networks because it offers the best possible return on investment.”
Protect yourself from upward attacks
Organizations can take steps to prevent cybercriminals from entering the network and gaining access to credentials.
These are the main preventive measures to apply:
- install software updates and security patches on a regular and timely basis to protect against known vulnerabilities;
- encourage the use of strong passwords that are difficult to crack in brute force attacks;
- apply multi-factor authentication to accounts so that if credentials are compromised, attackers have little opportunity to exploit them.