The KELA report says that initial access brokers on underground forums continued to make a killing by selling initial network access tactics, techniques, and procedures (TTPs) to various threat actors, including ransomware operators.
The report found that ransomware operators were increasingly reliant on purchased initial access as the primary entry point for corporate networks.
In addition, KELA found that certain initial access methods dominated the underground markets, becoming the traditional means of compromising networks.
KELA added that sales of initial access TTPs were increasingly moving to private conversations to prevent interference from security researchers. KELA believes that monitoring the underground activities of access brokers has been critical to securing organizations.
Initial access TTPs averaging over $6,500, totaling millions
Threat intelligence firm KELA found that nearly 250 initial network accesses were advertised for sale in the fourth quarter of 2020, totaling over $1.2 million.
The listings averaged 80 initial accesses per month, of which 14% were confirmed as successfully sold. However, the total number of listings sold in the fourth quarter was 25% lower than what was seen in September 2020.
The cumulative total value of all closed initial access sales was $133,900. Each method of initial access averaged $6,684, with an average price of $1,500. The inexpensive offers provided domain access to medium-sized companies with hundreds of employees. In almost a quarter (24%) of the offers, however, the price was not stated.
The maximum price was equivalent to 7 bitcoins, while the lowest average was $15. The three most popular sales were valued at $35,000, 1 BTC, or $10,000.
Most TTP sales move to private conversations on underground forums
According to the KELA report, the number of TTPs listed for initial access could be higher than stated, as most transactions have moved to private conversations. This shift is meant to avoid interference from security researchers, who frequently blow the whistle on compromised networks.
“It appears that the initial network access market is larger than what we see in public conversations on underground forums,” noted Victoria Kivilevich, threat intelligence analyst at KELA. “To understand the real scope of the threats, it is necessary to keep track of notorious first-access brokers and their TTPs, to deal with them regularly and to identify new types of threats that may arise.”
RDP and VPN with RCE vulnerabilities are the most commonly used initial access methods
The report found that the attack surface increased in the fourth quarter of 2020 and access brokers were introducing newer initial access types.
However, the sale of vulnerabilities in the Remote Desktop Protocol (RDP) and virtual private network (VPN) categories continued to dominate the criminal underground forums. They made up about 45% of the initial access methods, making them the traditional unauthorized access methods.
Most VPN and RDP offerings had RCE (remote code execution) vulnerabilities with access to Citrix network and virtualization products. The threat actors mainly offered them via ConnectWise and TeamViewer software and provided attackers with “RDP-like functions”.
The report found that Pulse Secure and Fortinet VPN credentials were used to harm various organizations after users' credentials were leaked on the underground forums.
Usually four geographic regions are affected
Surprisingly, 40% of all initial access TTPs sold on the underground forums were targeted at four geographic regions. Initial access TTPs for the US, Europe (unspecified), the United Arab Emirates, and France were largely sought after or traded.
Only a few brokers dominate the criminal underground supply with initial access methods
KELA also found that a clique of ten access brokers dominated the sale of access to compromised networks on the darknet. The five most popular threat actors with more than 10 initial accesses include:
The dominant hackers had dedicated threads on underground forums listed as “Buy Network Access to Corporations” or equivalent. They would also go quiet and then reappear with valuable and sometimes “expensive” offers.
IT organizations, large corporations and government units fetch a premium price
The expensive offerings include IT organizations, large corporations, and government units. KELA discovered that a US IT company and another unspecified IT company were compromised via ConnectWise, with the accesses priced at 5 BTC and 30,000 respectively. The broker claimed that the companies had many clients who could also be compromised.
Similarly, a well-known threat actor privately sold a $35,000 access to the Texas government on the same day it was listed, while the Panasonic India compromise was listed at $500,000.
However, KELA found that some of the overpriced and expensive offers could not be sold and were ultimately classified as “irrelevant”.
Underground markets are becoming increasingly customer-oriented
Buyers were also picky, with some specifying the type of business they wanted to compromise. This development made the business more “customer-oriented”. For example, a threat actor inquired about remote access to US companies with sales of $300 million or more.
Access brokers who partner for a bigger cut
The researchers also found that access sellers became affiliates and traded initial access TTPs in exchange for a commission after the payoff from a ransomware attack.
“Such activity shows that some of the first-time brokers intend to move into affiliates for greater profits and a permanent place in the ransomware ecosystem,” the report said.
KELA notes that monitoring the activities of access brokers in the underground, in addition to training staff and fixing discovered vulnerabilities, was a critical cybersecurity undertaking. Similarly, enabling two-factor authentication (2FA) for VPN and RDP connections would add a layer of security in the event that remote access credentials are accidentally lost.