Ransomware buying access to hacked networks on the dark web
Researchers at the consulting company Accenture assessed the state of the market for access to hacked networks on dark web sites. As it turned out, demand for this “product” has grown significantly in three years, and such offers are of great interest to distributors of ransomware.
Outsourcing the work of gaining access to a corporate network relieves such attackers of the time-consuming and costly stage that precedes a targeted attack. In addition to the break-in itself, preparation for an attack generally also involves gaining a foothold in the network and moving laterally through the victim's network in order to spread malware to other machines.
According to a study conducted by Accenture, the number of offers to sell network access on the dark web is growing steadily, whereas in 2017 they occupied a very modest niche in the market. Sellers usually post such listings on closed forums in a single thread, for the convenience of buyers, and accompany them with the following information:
INFORMATION ACCOMPANYING HACKED NETWORKS ON THE DARK WEB
- the victim's industry (vertical);
- the countries in which it does business;
- type of network access (RDP, VPN, etc.);
- the number of machines in the network;
- additional information (for example, number of employees, income).
This set of details is usually sufficient to identify the victim.
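An added example, not taken from the Accenture study or the original article: a triage check a defender's threat-intelligence team could run over access-sale listings collected by a dark web monitoring feed, scoring each one against their own organization's profile on the fields listed above. The `key: value; ...` listing format, the field names, the profile values, the 25% tolerance and the threshold are all assumptions constructed for illustration.

```python
import re

# Constructed profile of the defending organization (assumed values).
PROFILE = {"vertical": "logistics", "countries": {"DE", "PL"},
           "access_types": {"RDP", "VPN"},  # remote access the org exposes
           "hosts": 1200, "employees": 3500, "revenue_musd": 400}

# Constructed listings in a hypothetical "key: value; ..." feed format.
LISTINGS = [
    "vertical: logistics; countries: DE, PL; access: RDP; hosts: ~1100; employees: 3400; revenue: $410M",
    "vertical: retail; countries: US; access: Citrix; hosts: 300; employees: 800; revenue: $50M",
    "vertical: Logistics; countries: DE; access: VPN; hosts: 5000; revenue: $2000M",
]

def parse_listing(text):
    """Split 'key: value; key: value' into a dict with lower-cased keys."""
    fields = {}
    for part in text.split(";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def close(listed, ours, tolerance=0.25):
    """True when the first number in e.g. '~1100' or '$410M' is within the tolerance of ours."""
    m = re.search(r"\d+(?:\.\d+)?", (listed or "").replace(",", ""))
    return m is not None and abs(float(m.group()) - ours) <= tolerance * ours

def score(listing):
    """Count how many advertised attributes match PROFILE (0 to 6)."""
    f = parse_listing(listing)
    countries = {c.strip().upper() for c in f.get("countries", "").split(",") if c.strip()}
    checks = [
        f.get("vertical", "").lower() == PROFILE["vertical"],
        # Every advertised country must be one we operate in.
        bool(countries) and countries <= PROFILE["countries"],
        f.get("access", "").upper() in PROFILE["access_types"],
        close(f.get("hosts"), PROFILE["hosts"]),
        close(f.get("employees"), PROFILE["employees"]),
        close(f.get("revenue"), PROFILE["revenue_musd"]),  # revenue assumed in $M
    ]
    return sum(checks)

def triage(listings, threshold=4):
    """Return (score, listing) pairs at or above threshold, highest first."""
    scored = [(score(l), l) for l in listings]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)
```

A listing that clears the threshold is a prompt to review exposed remote-access services and recent logons, not proof of compromise.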
As of September of this year, researchers have counted a dozen or so regular network access sellers in online dark web markets, offering access at prices ranging from $300 to $10,000 depending on the size of the network and the target company’s revenue. It is noteworthy that the forums where such hackers operate are also full of advertisements for the distribution services of Maze, LockBit, Avaddon, Exorcist, NetWalker, Sodinokibi and other ransomware aimed at corporate networks. Although the link between the sale of network access and a specific cyber attack is difficult to establish, researchers believe that some ransomware operators regularly take advantage of the outsourcing option.
Analysts also determined that networks are currently hacked using the RDP protocol and, less often, through vulnerabilities in Citrix and Pulse Secure VPN clients. Apparently, hackers are taking advantage of the fact that, due to the threat of COVID-19, many companies have transferred employees to remote work, and the need for tools to access workplaces has increased greatly.
Attackers have also begun using zero-day exploits to hack networks for commercial purposes, and several vendors, according to Accenture, are trying to adapt the recently leaked Cerberus source code for these needs.
Furthermore, the researchers expect that the mutually beneficial relationship between network access sellers and ransomware distributors will grow stronger over time, so they recommend that businesses take the following measures:
MEASURES FOR BUSINESS IN THE DARK WEB
- establish monitoring of the dark web in order to identify potential threats in a timely manner;
- regularly back up important files and isolate the storage from the network;
- keep antivirus software updating automatically and run scheduled scans;
- regularly check the logs for signs of the presence of known ransomware;
- draw up an action plan for responding to cyber incidents and quickly restoring the normal operation of the enterprise;
- conduct training for employees, teaching them the rules of safe use of email and helping to recognize malicious emails.