New breed of cybercriminal breaches organizations then sells access
Entrepreneurial cybercriminals are operating as middlemen by breaching as many companies as possible and then selling on access to the highest bidder rather than infiltrating systems themselves.
New research from Digital Shadows reveals that these 'Initial Access Brokers' are flourishing during the pandemic as employees increasingly log in to systems remotely.
This type of brokerage has been going on since 2016, but in the last year there's been a notable increase in activity and listings. Many dark web marketplaces have reorganized to place these advertisements into dedicated sections and there are currently around 500 in a snapshot that Digital Shadows has taken of the most popular forums. Many sellers have good feedback ratings from other criminals too, indicating their claims are genuine.
The average selling price for access to an organization is $7,100, with the price based on revenue, type of access sold, number of employees, and number of devices accessible. RDP (remote desktop protocol) access, which enables an attacker to take over a victim's computer, is the most common type listed, at 17 percent of the total.
Domain administrator access is also prized and makes up 16 percent of the listings, with an average price of $8,187. Listings for VPN access have boomed on the back of increased remote working and grant access to an organization's network for an average price of $2,871. VPN access accounts for 15 percent of the total, with Citrix access (seven percent), control panel (six percent), content management systems (five percent), and shell access (five percent) also advertised.
"The dramatic increase in remote working coupled with ransomware's commercial success has been a perfect storm of opportunity for initial access brokers," Rick Holland, CISO at Digital Shadows, says. "These actors are cashing in because of the flourishing demand and their specialization. They concentrate on one aspect of the cybercriminal ecosystem, gaining access to your network, and they do it very well. They then pass the baton on to other criminals and move on to their next target. Due to their ability to successfully compromise organizations of all sizes, initial access brokers' prominence has increased within the cybercriminal underground."
You can get the full report from the Digital Shadows site.