Initial Access Brokers refine their ransomware-as-a-service model
We've looked before at the phenomenon of Initial Access Brokers, cybercriminals who breach systems and then sell access to the highest bidder.
It seems that during the pandemic IABs have been busy improving their business model. New research from threat intelligence company KELA shows that pricing is often determined by company size and the level of privilege on offer within the compromised network, with $5,400 as the average price for network access, and $1,000 as the median price.
Among the highest prices identified were 12 Bitcoin for access to a $500 million company and $100,000 for access to a national government organization.
The largest percentage of IAB victims are located in the US, with others in France, the UK, Australia, Canada, Italy, Brazil, Spain, Germany and the UAE. The report also highlights a new trend of IABs using their access to steal from the victims themselves before posting that access for sale.
KELA has observed some successful IABs changing their sales methods too, moving away from public forums to private channels with trusted buyers. Now, as the economy continues to grow, there are not only new trends emerging among existing IABs, but many new sellers entering the market.
"While remote work became mandatory in 2020, ransomware and associated criminal businesses also saw significant growth. In the last year, IABs have become key components of the ransomware-as-a-service ecosystem, making malicious network access easy and lucrative for many of today’s leading attacks. Our researchers were particularly interested in exploring our extensive dark web data to understand how the shift in the real world gave way to the cybercrime underground," says Aviad Gal, head of product at KELA. "Now with LUMINT, our complimentary offering, customers can also gain direct access to a window of the information our analysts uncover and synthesize every day. We are excited to empower all organizations -- from small businesses to the largest enterprises -- with the information they need to defend against the continual mounting cyber threats."