Jump to content

New breed of cybercriminal breaches organizations then sells access


Recommended Posts

New breed of cybercriminal breaches organizations then sells access

 

Money-exchange-640x425.jpg

 

Entrepreneurial cybercriminals are operating as middlemen by breaching as many companies as possible and then selling on access to the highest bidder rather than infiltrating systems themselves.

 

New research from Digital Shadows reveals that these 'Initial Access Brokers' are flourishing during the pandemic as employees increasingly log in to systems remotely.

 

This type of brokerage has been going on since 2016, but in the last year there's been a notable increase in activity and listings. Many dark web marketplaces have reorganized to place these advertisements into dedicated sections and there are currently around 500 in a snapshot that Digital Shadows has taken of the most popular forums. Many sellers have good feedback ratings from other criminals too, indicating their claims are genuine.

 

The average selling price for access to an organization is $7,100 with the price based on revenue, type of access sold, number of employees, and number of devices accessible. RDP (remote desktop protocol), access enables an attacker to take over a victim's computer and is the most common type listed, at 17 percent of the total.

 

Domain administrator access is also prized and makes up 16 percent of the listings with an average price of $8,187. Listings for VPN access have boomed on the back of increased remote working and will grant access to an organization's company network for an average price of $2,871. This accounts for 15 percent of the total with Citrix access (seven percent), control panel (six percent), content management systems (five percent), and shell access (five percent) also exploits advertised.

"The dramatic increase in remote working coupled with ransomware's commercial success has been a perfect storm of opportunity for initial access brokers," Rick Holland, CISO at Digital Shadows, says. "These actors are cashing in because of the flourishing demand and their specialization. They concentrate on one aspect of the cybercriminal ecosystem, gaining access to your network, and they do it very well. They then pass the baton on to other criminals and move on to their next target. Due to their ability to successfully compromise organizations of all sizes, initial access brokers' prominence has increased within the cybercriminal underground."

 

You can get the full report from the Digital Shadows site.

 

 

Source: New breed of cybercriminal breaches organizations then sells access

Link to post
Share on other sites
  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • mood

    1

Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...