Thriving Cybercrime Access as a Service Market Fuels Ransomware Attacks


DALLAS, December 1, 2021 / PRNewswire / – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity, released a new study detailing the murky supply chain of cybercrime behind much of the recent surge in attacks of ransomware. Demand has grown so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.

To read a full copy of the report, Access as a service, please visit:

“Media and corporate cybersecurity attention has focused only on the ransomware payload when we first need to focus on mitigating initial access broker activity,” said David Sancho, senior threat researcher for Trend Micro. “Responders often have to investigate two or more overlapping attack chains to identify the root cause of a ransomware attack, which often complicates the overall IR process. Teams could get ahead of this problem by monitoring the activity of access brokers who steal and sell companies access to the network – essentially cutting off the supply of ransomware players. “

The research is based on an analysis of over 900 broker listings from January to August 2021 on several cybercrime forums in English and Russian.

Education was the most frequently featured sector, accounting for 36% of advertisements, more than triple the second and third most targeted industries, manufacturing and professional services, which both account for 11%.

The report reveals three main types of access brokers:

  • Opportunistic sellers who focus on making a quick profit and don’t spend all of their time on access.
  • Dedicated brokers are sophisticated and skilled hackers who provide access to a range of different companies. Their services are often used by affiliates and smaller ransomware groups.
  • Online stores that offer RDP and VPN credentials. These dedicated stores only guarantee access to a single machine rather than an entire network or organization. However, they represent a simple and automated way for less skilled cybercriminals to purchase access. They can even search by location, ISP, operating system, port number, administrator rights, or company name.

Most Access Broker offerings involve a simple set of credentials that can come from: previous violations and password hash breaking; compromised bot computers; exploitation of vulnerabilities on VPN gateways, web servers, etc. ; or occasional opportunistic attacks.

Prices vary depending on the type of access (single machine or full network / enterprise), the annual turnover of the enterprise, and the amount of additional work that the buyer needs to do. Although RDP access can be obtained for as little as $ 10, the average price for administrator credentials in a company is around $ 8,500. However, prices can reach up to $ 100,000.

Trend Micro recommends the following strategies for advocates:

  • Monitor public violations
  • Trigger a password reset for all users if you suspect company credentials might be breached
  • Configure Multi-Factor Authentication (MFA)
  • Monitor user behavior
  • Monitor the DMZ and assume internet services like VPN, webmail, and web servers are under constant attack
  • Implement network segmentation and micro-segmentation
  • Deploy the best password policies
  • Implement some form of zero trust architecture

About Trend Micro
Trend Micro, a global leader in cybersecurity, helps secure the world for the exchange of digital information. Fueled by decades of security expertise, global threat research and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of people across clouds, networks, devices and terminals. As a leader in cloud and enterprise cybersecurity, the platform offers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft and Google, as well as central visibility for detection. and better and faster response. With 7,000 employees in 65 countries, Trend Micro enables businesses to simplify and secure their connected world.

SOURCE Trend Micro Embedded

Related links


Comments are closed.