Cybersecurity firm Intsights published a new report that highlights the vibrant marketplaces on the dark web where attackers can buy or sell what they needed to target an organization. Paul Prudhomme, a cybersecurity advisor at IntSights, analyzed several underground exchanges on Russian and English-language platforms where stolen credentials and network compromises are traded. The underground criminals sell stolen network access to third parties for up to $10,000. The prices are also influenced by location and industry.“Some cyber-criminals specialize in network compromises and sell the access that they have obtained to third parties, rather than exploiting the networks themselves,” researchers explained. “By the same token, many criminals that exploit compromised networks — particularly ransomware operators — do not compromise those networks themselves but instead buy their access from other attackers.”According to researchers, cybercriminal groups rarely possess a team of attackers experienced in each stage of an attack, making dark web platforms ideal to sell or buy malware payloads, hosting infrastructure, and access to abused networks. “In September 2020, Russian-speaking username “hardknocklife” auctioned off remote desktop protocol (RDP) access to a U.S. hospital. He mentioned as a selling point that this RDP access yielded patient records, in which he reportedly had no interest,” researchers added. “US patient records from healthcare organizations are a valuable resource for identity thieves and other fraudsters because they contain dates of birth, social security numbers, and other personal details that they can use for fraudulent credit applications and other malicious purposes,” they went on to say. “This seller could have mined or monetized that data himself but lacked interest in doing so, perhaps because he could be more productive as an intruder than a fraudster, or ..
Support the originator by clicking the read the rest link below.
