The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
Actors on underground criminal forums share guidelines on breaching networks and sell the access they obtain, leaving the exploitation to other malicious actors. These transactions allow actors with complementary skills to collaborate, amplifying the impact and reach of cyberattacks. The market for such access has grown notably, especially as ransomware operators increasingly employ double-extortion tactics.
Source: Rapid7
Related:
- Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
December 13, 2018
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...
- Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure
December 12, 2018
The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter, which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign makes use of an in-memory implant to download and execute a second-stage payload named Rising Sun. Moreover, the Rising Sun implant ...
- Large Organizations Face Up to Several Million Targeted Bot Attacks per Day
December 12, 2018
According to an Osterman Research report, 211 large organizations with a mean of 16,822 employees have reported that during most weeks they experienced an average of 3,700 bot attacks targeting Internet exposed web apps. Bot attacks (also known as botnet attacks) make use of large numbers of connected computers to try and take down entire networks, websites, ...
- Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure
December 11, 2018
Nation-state conflict has come to dominate many of the policy discussions and much of the strategic thinking about cybersecurity. When events of geopolitical significance hit the papers, researchers look for parallel signs of sub rosa cyber activity carried out by state-sponsored threat actors—espionage, sabotage, coercion, information operations—to complete the picture. After all, behind every story may lurk ...
- Saipem servers suffer cyber attack in Middle East
December 10, 2018
Italian oil services company Saipem (SPMI.MI) said it had identified a cyber attack out of India on Monday that had primarily affected its servers in the Middle East. “We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities,” the firm said in ...
- Old-School Bagle Worm Spotted in Modern Spam Campaigns
December 10, 2018
Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777, which is hardcoded in the worm’s body. This backdoor component provides remote access to the ...
