Thriving market for access-as-a-service cybercrime


Trend Micro Study: Thriving Access-as-a-Service Cybercrime Market Drives Ransomware Attacks. Germany is one of the hardest hit countries.

Trend Micro, one of the world's leading providers of cybersecurity solutions, has published a new study shedding light on the opaque cybercrime supply chain that is driving the current rise in ransomware attacks. Demand has grown rapidly over the past two years, so that many cybercriminal markets now have their own "Access-as-a-Service" division.

Many new cybercriminal markets with “Access-as-a-Service”

The study is based on the analysis of more than 900 Access Broker listings from January up to and including August 2021 in various English and Russian-speaking cybercrime forums.

With 36 percent of advertisements worldwide, education is the industry most affected. That is more than three times the number of offers for the second and third most common target industries: production and the service sector each account for 11 percent. The hardest hit countries include the United States, Spain, Germany, France and the United Kingdom. In Germany, the manufacturing industry is most affected with 28 percent of the offers, closely followed by education with 26 percent.

Incident response teams need to investigate attack chains

"The attention of the media and companies has so far been focused primarily on the ransomware payload, i.e. the transmission and encryption of the actual user data, although the main focus should first be on curbing the activities of initial access brokers (IAB)," emphasizes Richard Werner, Business Consultant at Trend Micro. "Incident response teams often need to examine two or more overlapping chains of attacks to identify the cause of a ransomware attack. This often complicates the entire incident response process. If it is possible to monitor the activities of access brokers who steal and sell company network access, the ransomware actors can be deprived of the breeding ground. For this, everyone involved in IT security must work together, because many, even large companies, are not able to do this on their own."

The report shows three main types of access brokers

  • Opportunistic sellers focus on quick profit and are still active in other areas of cybercrime.
  • Dedicated brokers are advanced and accomplished hackers who provide access to a wide variety of companies. Their services are often used by smaller ransomware actors and groups.
  • Online stores offer Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) access data. These specialized shops only guarantee access to a single computer, not to a comprehensive network or entire company. However, they do give less experienced cybercriminals a simple and automated way of gaining access. Buyers can even search specifically by location, Internet Service Provider (ISP), operating system, port number, administrator rights or company name.

Most access broker offers contain a simple data set of access information, which can come from various sources. Common sources of data are previous security incidents and cracked password hashes, compromised bot computers, exploited vulnerabilities in VPN gateways or web servers, and individual opportunistic attacks.

Low prices for stolen RDP accounts

Black market prices for RDP access are extremely cheap (Image: Trend Micro).

The prices vary depending on the type of access (individual computer or an entire network or company), the annual turnover of the company and the amount of additional work to be performed by the buyer. While RDP access can be purchased for ten dollars, the price for administrator access data to a company is on average $8,500. For particularly attractive victims, prices can go up to $100,000.

Trend Micro recommends the following security strategies for defense:

  • Monitor publicly known security incidents.
  • Reset all user passwords if there is any suspicion that corporate credentials may be compromised.
  • Use multi-factor authentication (MFA).
  • Look for anomalies in user behavior.
  • Pay attention to your Demilitarized Zone (DMZ) and take into account that internet-based services such as VPN, webmail and web servers are subject to constant attacks.
  • Implement network and microsegmentation.
  • Implement proven password guidelines.
  • Proceed according to the zero trust principle.

For More Information: The full Investigating the Emerging Access-as-a-Service Market report is available in English on the Trend Micro website.

