Enterprise network access for sale on underground forums

We know that cyber criminals are increasingly operating in a businesslike way and using underground marketplaces to sell services and information.

A new report from threat intelligence specialist IntSights looks at one particular aspect of this trend: the sale of access to already compromised networks.

These offerings often include a combination of remote access into a network along with administrator credentials or other highly privileged accounts. The shift to remote working during the COVID-19 pandemic and the resulting increase in the use of remote access tools and services has also given attackers a wider attack surface to exploit, which has driven an increase in these sales in the past 18 months.

The phenomenon predates the pandemic, but it has matured and taken on a life of its own in 2020, with some underground criminal forums beginning to dedicate specific sections to offering network access.

"Previously it was just a way for criminals to monetize access that they had, but then they realised that they could use it optimally," says Paul Prudhomme, head of threat intelligence advisory at IntSights. "Now, there are people who invest enough effort into it that it has become their full time job and their specialty, so to speak, in other words they've built a business around it. And it's not just selling the occasional random thing that they don't need just to try to make money off something that was otherwise a waste of time. Now it's becoming a full scale business, there are specialised vendors in there that have built a brand name and reputation for themselves with very distinctive packages that they use to sell this access."

Technology and telecommunications is the most frequently affected industry, representing 10 of the 46 victims analyzed (22 percent). Three other industries tie for a close second place, with nine victims each: financial services, healthcare and pharmaceuticals, and energy and industrials (19.5 percent each). Other affected industries include automotive (nine percent), retail and hospitality (6.5 percent), and professional services (4 percent).

Tech and telecoms businesses are popular, says Prudhomme, because, "You can do things like SIM swapping to install banking Trojans or to steal bank accounts, phone and email traffic, or you can do a technology supply chain attack, as we've been seeing with incidents like SolarWinds and so on. That's why I believe that the asking prices for this sector are a bit higher."

You can get the full whitepaper from the IntSights site.


© 1998-2021 BetaNews, Inc. All Rights Reserved.