Access to networks sold for up to five figures
- Researchers from Rapid7’s IntSights revealed that underground criminals are selling unauthorized access to compromised enterprise networks for up to $10,000.
- They analyzed around 46 samples for network access on underground forums between September 2019 and May 2021, and found that the average price for these samples was set at approximately $9,640 and the median price at $3,000.
- In September 2020, the Russian-speaking threat actor ‘hardknocklife’ auctioned off RDP access to a U.S. hospital’s network for between $500 and $5,000. The access eventually yielded patient records containing birthdates, social security numbers, and other information.
- In another example, a Russian-speaking cybercriminal known as TrueFighter sold information on an American hospital with $60 in revenue.
Ransomware gangs making the most of it
- With ransomware-as-a-service gaining traction in underground markets, ransomware gangs are also looking for ways to divert their profits into CaaS business schemes.
- Lately, the BlackMatter ransomware gang had displayed its willingness to spend between $3,000 and $100,000 to buy access to networks in the U.S., Canada, Australia, and the U.K.
- To show that it meant serious business, the gang deposited four bitcoins ($120,000) in the Exile hacking forum’s cryptocurrency wallet.
The concerning factor
- In addition to the booming sale of network access, underground markets are also witnessing the emergence of new attack techniques and channels that can be used for various malicious purposes.
- Researchers from Group-IB discovered a new cybercrime service dubbed Prometheus Traffic Distribution System (TDS) that helped attackers distribute malware strains such as Campo Loader, QBot, IcedID, Buer Loader, and SocGholish.
- It was being promoted on cybercrime forums at a price of $30 for two days of access to the platform or $250 for a month of access.
- In a separate incident, an anonymous hacker offered for sale a PoC of a new technique that could allow cybercriminals to execute malware from GPUs.