Ransomware operators now outsource network access exploits to speed up attacks

[silversurfer]

Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process.

On Monday, Accenture's Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers.

According to Accenture senior security analysts Thomas Willkan and Paul Mansfield, buying network access points and already compromised ways to infiltrate a target system are rising in popularity, including the purchase of stolen credentials and vulnerabilities.

Full report by researchers: Network Access Sellers and Ransomware Groups | Accenture

 

[upnorth]

For example, in July, the threat actor Frankknox advertised the sale of a self-developed Zero-day targeting a well-known brand of mail server for $250,000 USD for which multiple offers were received. However, Frankknox aborted the sale and began exploiting the vulnerability to gain corporate network access to multiple victims

Network Access Sellers and Ransomware Groups | Accenture

Ransomware groups are taking advantage of opportunities to purchase network access on dark web forums to compromise networks and unleash malware. Learn more.

www.accenture.com

I wonder what mail server?

 

[Andy Ful]

It is more profitable to use the exploit to compromise networks than quickly selling such exploit. In this way, the exploits can be used several times and access to several networks can be sold.
Spying & compromising without making visible destructive actions can be hard to detect. Furthermore, the spying group has enough time to hide traces and avoid the consequences of criminal activity.