A new report from Accenture details the rise of the Network Access Seller: expert hackers who secure a beachhead into corporate networks and then sell the access in well organised markets on the dark web.
If you are a ransomware operator looking for a juicy corporate target, the Network Access Seller markets on the darkweb will allow you to pick the exact target that matches your software and skills. Government or business? RDP or VPN access? How many machines on the network and revenue of the parent organisation – the choice is yours.
According to the report from Accenture, access to these networks is typically sold for between US$300 and US$10,000 depending on the revenue of the victim and the size of the network.
According to Accenture “compromised RDP connections remain the primary initial entry vector used by Network Access Sellers” but there is a noticeable increase in diversification of approach used by the attackers.
The establishment of ‘well known’ market places selling access to compromised networks also opens up another possible channel of defence. Organisations could monitor these market places to identify networks for sale that match their own profile and the emergence of new attack vectors being offered which could indicate the discovery of new zero-day exploits.
You can protect your network, the proactive monitoring of network logs and intrusion detection systems is important as there can be a time delay between the initial compromise and the launch of an attack. Regular network penetration testing and vulnerability scans will also help identify newly discovered vulnerabilities in your network.