Initial Access Broker Activity Doubles in a Year
Security researchers detected twice as many cases of corporate access being sold on the dark web by initial access brokers (IABs) last year as during the previous 12 months, with the number of brokers also surging.
Group-IB spotted 2348 instances of IAB sales activity between H2 2021 and H1 2022, with the number of countries in which victim organizations are located also increasing – by 41% to a total of 96 during the period.
US companies were the most popular targets, while in terms of sectors it was manufacturing (5.8%), financial services (5.1%), real estate (4.6%) and education (4.2%) that were most frequently targeted.
Compromised RDP (36%) and VPN (37%) accounts were most commonly offered by IABs, according to Group-IB’s report, Hi-Tech Crime Trends 2022/2023.
The number of brokers also grew, from 262 to 380 during the period, which led to a 50% drop in prices for IAB access to $2800. That led to a slight shrinking of the size of the global IAB market – down by 8.5% to $6.7m.
Group-IB also found the IAB market increasingly saturated with logs obtained by information-stealing malware. It detected over 96 million logs up for sale, including 400,000 highly sought-after Single Sign-On (SSO) logs, of the sort purchased by the threat actor behind the recent Uber breach for just $20.
These offerings are democratizing cybercrime to those with limited technical skills, warned Group-IB CEO, Dmitry Volkov.
“With remote work and SSO services becoming more prevalent, instances of access to corporate networks started appearing in stealer logs more often. Attacks on companies through their employees will become one of the main infection vectors,” he warned.
“A silver bullet against such attacks doesn’t exist. The trend highlights the need for companies to improve their cybersecurity across all layers, including training employees to respond to social engineering, enhancing detection and response capabilities, and of course, monitoring the cyber-criminal underground for compromised employee records and offers to sell access to their networks.”
Thanks in part to a thriving IAB market, ransomware actors increased their victim count last year.
Some 2886 companies had sensitive data published on ransomware leak sites over the reporting period, a 22% increase on the previous year. However, many more victims may exist which didn’t feature on such sites, as they paid up straight away.