Ransomware operators now outsource network access exploits to speed up attacks

silversurfer

Level 84
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,544
Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process.

On Monday, Accenture's Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers.

According to Accenture senior security analysts Thomas Willkan and Paul Mansfield, buying network access points and already compromised ways to infiltrate a target system are rising in popularity, including the purchase of stolen credentials and vulnerabilities.
Full report by researchers: Network Access Sellers and Ransomware Groups | Accenture
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,870
For example, in July, the threat actor Frankknox advertised the sale of a self-developed Zero-day targeting a well-known brand of mail server for $250,000 USD for which multiple offers were received. However, Frankknox aborted the sale and began exploiting the vulnerability to gain corporate network access to multiple victims
I wonder what mail server? :unsure:
 

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,002
It is more profitable to use the exploit to compromise networks than quickly selling such exploit. In this way, the exploits can be used several times and access to several networks can be sold.
Spying & compromising without making visible destructive actions can be hard to detect. Furthermore, the spying group has enough time to hide traces and avoid the consequences of criminal activity.