Security News > 2021 > December > Cybercrime supply chain: Fueling the rise in ransomware

Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks.

"Media and corporate cybersecurity attention have been focused only on the ransomware payload when we need to focus first on mitigating the activity of initial access brokers," said David Sancho, senior threat researcher for Trend Micro.

"Incident responders often need to investigate two or more overlapping attack chains to identify the root cause of a ransomware attack, which often complicates the overall IR process. Teams could get ahead of this issue by monitoring for activity by access brokers who steal and sell enterprise network access - essentially cutting off the supply for ransomware actors."

The research is based on an analysis of over 900 access broker listings from January through August 2021 across multiple English and Russian language-based cybercrime forums.

Dedicated brokers are sophisticated and skilled hackers who offer access to a range of different companies.

Most access broker offerings involve a simple set of credentials that may have been sourced from: Previous breaches and password hash breaking; compromised bot computers; vulnerability exploitation on VPN gateways, web servers, etc.

News URL

https://www.helpnetsecurity.com/2021/12/06/cybercrime-supply-chain/