Ransomware operators now outsource network access exploits to speed up attacks

[silversurfer]

Content source

https://www.zdnet.com/article/ransomware-operators-buy-network-access-from-the-underground-to-speed-up-infection/

Ransomware operators are now turning to network access sellers in their droves to cut out a difficult step in the infection process.

On Monday, Accenture's Cyber Threat Intelligence (CTI) team released new research on emerging cybersecurity trends, including an investigation into the nature of relationships between ransomware operators and exploit sellers.

According to Accenture senior security analysts Thomas Willkan and Paul Mansfield, buying network access points and already compromised ways to infiltrate a target system are rising in popularity, including the purchase of stolen credentials and vulnerabilities.

Full report by researchers: Network Access Sellers and Ransomware Groups | Accenture

 

[upnorth]

For example, in July, the threat actor Frankknox advertised the sale of a self-developed Zero-day targeting a well-known brand of mail server for $250,000 USD for which multiple offers were received. However, Frankknox aborted the sale and began exploiting the vulnerability to gain corporate network access to multiple victims

What We Think | Business & Technology Insights

Accenture thought leadership offers business and technology insights on key market forces & technologies to set your company on the path to value.

www.accenture.com

I wonder what mail server?

 

[Andy Ful]

It is more profitable to use the exploit to compromise networks than quickly selling such exploit. In this way, the exploits can be used several times and access to several networks can be sold.
Spying & compromising without making visible destructive actions can be hard to detect. Furthermore, the spying group has enough time to hide traces and avoid the consequences of criminal activity.