Ransomware Attackers Buy Network Access in Cyberattack Shortcut
2020-10-12 13:00

For prices between $300 and $10,000, ransomware groups can buy initial network access to already-compromised companies on underground forums.

The ability to purchase initial network access gives cybercriminals a faster route into corporate and government networks, so that they can focus on establishing persistence and moving laterally.

The salespeople behind this activity typically first develop an initial network vulnerability and infiltrate the victim network to gain complete corporate network access.

"Although it is difficult to prove that an advertised network access is linked to a specific ransomware attack, from analysis of threat-actor activity we assess with high confidence that some of the accesses are being purchased by ransomware groups and affiliates, thereby enabling potentially devastating ransomware attacks on corporate entities," they said.

One threat actor named Frankknox started by advertising a zero-day targeting a popular mail server for $250,000 - however, he later killed that sale and started exploiting the zero-day himself, and went on to offer corporate network access to 36 companies instead. This network access has been marketed for between $2,000 and $20,000 - and the threat group claimed to have sold access to at least 11 organizations.


News URL

https://threatpost.com/ransomware-network-access-cyberattack/159998/