RESEARCH: 99.5% of consumers demand protection in mobile apps
June 2024 by Cyjax
CYJAX announces its research into initial access brokers (IABs). These individuals sell initial access to corporate networks that attackers can target in ransomware attacks, data exfiltration, and other illegal operations.
Cyjax monitored listings on the most prominent Russian- and English-language cybercriminal forums in Q1 2024, advertising access to organisations in over 80 countries and 35 industry sectors. The report names the top ten vendors, who accounted for approximately 40% of all listings. The vendors are ranked as follows:
1. SGL (6.1% of listings)
2. PirateJack (6%)
3. SASAKI2303 (5.4%)
4. DBLand (4.9%)
5. Sandocan (3.7%)
6. Alastor (2.6%)
7. DonaldBucks (2.2%)
8. Kio (2%)
9. TA55 (2%)
10. Ddarknotevil (1.6%)
While IABs sell access to organisations across the globe, the United States is the most targeted, with almost 30 percent of all listings, followed by Brazil (7.5%) and the UK (4.6%). Some countries, such as Russia and those in its sphere of influence, are seen as “off-limits” on Russian-language forums, which are the most prominent.
Prolific IABs provide access to all manner of industries. One of the most active and highlighted in the report, PirateJack, primarily advertises VPN access to organisations in the education, IT, healthcare, and manufacturing sectors located in the US, Thailand, Germany, and Portugal. Analysis of forum contributions suggests they use brute force attacks to harvest credentials or target compromised VPNs to facilitate this initial access.
Access can command high prices. Two others highlighted, DonaldBucks and Sandocan, priced their listings at over $1,000 on average. Analysis shows that price depends on the reputation of the seller for supplying secure access, the level of access, the industry sector, and the revenue of the target organisation:
• Access to organisations with revenues below $10 million cost less than $1,000 on average, while access to those with revenues of more than $1 billion was priced at $6,000.
• Access to Israeli companies was priced the highest when accounting for the organisation’s revenue. An Israeli organisation with a revenue of $100 million was priced at $15,300 on average; a UK-based equivalent would only be priced at $3,700.
• Access to organisations within the insurance, construction, and public sectors was the most highly prized, commanding the biggest fees.
“IABs have become a key component in the ransomware ecosystem. While some groups will have their own ‘in-house’ capabilities, these freelancers provide an efficient, reliable and trusted partner for many groups who can then focus on exploiting the access for financial gain,” said Roman Faithful, Threat Intelligence Lead at Cyjax. “It’s a growing market that shows no sign of slowing—the number of companies that can be exploited is nowhere close to being exhausted. While law enforcement has seen success in dismantling ransomware groups, it’s important not to forget those who open the door for their activities.”