Ransomware Gangs Presented with Embarras de Choix

Ransomware operators have been wreaking havoc since the year started. In the past 6 months, multibillion-dollar organizations were attacked, resulting in disruption of services and loss of revenue. Now, the cybercriminals behind these attacks have lots of options to access corporate networks.

How, you ask?

Network access selling. A recent report published by Accenture states that outsourced network hacking is a thriving business. Network access sellers are people who have breached a firm’s network and are now handing over the access to whoever bids the highest.

Recent instances

  • Recently, a Russian-speaking threat actor was found selling a zero-day exploit for quite a hefty amount. However, the threat actor ended up breaching the network themselves and later, started selling the network access.
  • The Pioneer Kitten APT group was observed selling corporate credentials on an underground forum.

Why sell network access?

The primary motive behind network access selling is quite possibly the diversification of the revenue stream. Furthermore, a successful attack is reliant on several factors, including the maintenance of stable network access. This, in turn, comes with the requirement of time and effort, along with the risk of being detected. Network access sellers fulfill these criteria at a price.

What does this imply?

Although RDP connections still remain the most popular attack vector, it is clearly observable that threat actors are diversifying their TTPs. This poses the risk of disrupting current defenses against such threats and expands the organizational attack surface.

The bottom line

With the constantly evolving threat landscape, the ecosystem has become highly destructive and noxious. Thus, experts advise businesses to take a proactive approach to hunting and monitoring the dark web and identify threats.