[BreachExchange] Underground Criminals Selling Stolen Network Access to Third Parties for up to $10,000

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Aug 13 11:48:44 EDT 2021


https://www.ehackingnews.com/2021/08/underground-criminals-selling-stolen.html

Cybersecurity firm IntSights published a new report that highlights the
vibrant marketplaces on the dark web where attackers can buy or sell what
they need to target an organization.

Paul Prudhomme, a cybersecurity advisor at IntSights, analyzed several
underground exchanges on Russian and English-language platforms where
stolen credentials and network compromises are traded. The underground
criminals sell stolen network access to third parties for up to $10,000.
The prices are also influenced by location and industry.

“Some cyber-criminals specialize in network compromises and sell the access
that they have obtained to third parties, rather than exploiting the
networks themselves,” researchers explained. “By the same token, many
criminals that exploit compromised networks — particularly ransomware
operators — do not compromise those networks themselves but instead buy
their access from other attackers.”

According to researchers, cybercriminal groups rarely possess a team of
attackers experienced in each stage of an attack, making dark web platforms
ideal to sell or buy malware payloads, hosting infrastructure, and access
to abused networks.

“In September 2020, Russian-speaking username “hardknocklife” auctioned off
remote desktop protocol (RDP) access to a U.S. hospital. He mentioned as a
selling point that this RDP access yielded patient records, in which he
reportedly had no interest,” researchers added.

“US patient records from healthcare organizations are a valuable resource
for identity thieves and other fraudsters because they contain dates of
birth, social security numbers, and other personal details that they can
use for fraudulent credit applications and other malicious purposes,” they
went on to say. “This seller could have mined or monetized that data
himself but lacked interest in doing so, perhaps because he could be more
productive as an intruder than a fraudster, or because he lacked the fraud
or criminal business skills to do so.”

This information started at the low price of $500 in the auction but was
sold at ten times that price, $5000. Researchers examined a sample of
46 sales of network access on underground forums between September 2019 and
May 2021. The sample included 30 offerings from Russian-language forums
(65%) and 16 offerings from English-language forums (35%).

The primary target of underground criminals is the Tech & telecoms industry
(22%), followed by Financial Services, Healthcare & Pharma, and Energy and
Industrials, each at 19.5%. There is no surprise in these numbers. They
match industry risk from other reports. What is perhaps a surprise is the
emergence of automotive (9%) in fifth place.

IntSights researchers analyzed 46 separate offers to sell network access.
In the majority of cases (40 out of 46), the location was mentioned. North
America was at the top of the list with 37.5%; Europe, the Asia Pacific and
the Middle East/North Africa accounted for 17.5% each, and Latin America
for just 10%.

“Criminals typically prefer victims in wealthier countries with advanced
economies, as they are generally more lucrative. Prices for access to
healthcare organizations also trend lower due to the perception that they
are easier to compromise,” researchers concluded.