Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IABs. Show all posts
IABs
ADT data breach Cyber Crime Cyber Threat Intelligence Hacking IABs

How Hackers Sell Access to Corporate Systems Using Stolen Credentials

 


In the cybercrime world, Initial Access Brokers (IABs) are essential for facilitating attacks. These specific hackers break into company systems, steal login credentials, and then sell access to other criminals who use it to launch their own attacks. They essentially act as locksmiths for hackers, making it easy for those willing to pay to get into systems.

What Exactly Do IABs Do?

IABs function as a business where they sell access to corporate systems stolen from their organizations on dark markets, either private forums or Telegram channels. The credentials offered include the most basic login information and even the highest administrator accounts. They even have guarantees by giving a refund if the stolen credentials fail to work.

This system benefits both inexperienced attackers and advanced hacking groups. For less skilled criminals, IABs provide access to high-value targets they could never reach independently. For seasoned ransomware operators, purchasing pre-stolen access saves time and allows them to focus on deploying malware or stealing sensitive data.

Such credentials as usernames and passwords are a hacker's key to entering a system directly, bypassing all the security barriers. Such an attack occurred during major breaches such as in the 

  • Geico Case: Cyber thieves in 2024 accessed Geico's online tools with stolen credentials and compromised sensitive information for 116,000 customers and paid the company millions in fines.
  • ADT Breach: Thieves had used the credentials of one of ADT's partners to breach ADT's internal systems twice, releasing customer records and proving that even trusted relationships can be compromised. In a report released by IBM in 2024, compromised credentials accounted for nearly 20% of all data breaches and were frequently unobserved for months, leaving attackers sufficient time to steal their information.


How to Protect Against IABs  

Organizations must adopt proactive measures to counteract these threats:  

1. Threat Intelligence: Tools can monitor underground markets for stolen credentials. If a company’s data appears on these platforms, immediate action—like forcing password changes can help minimize damage.

2. Complex Passwords: It is recommendable that companies enforce rules forcing employees to use complex, unique passwords and to update them regularly. Platforms like Specops Password Policy allow companies to check their credentials against known breached databases to prevent using the same breached passwords.

Although IABs have made cybercrime more efficient, organizations can protect themselves by understanding their tactics and strengthening their defenses. Regular monitoring, strong password practices, and quick responses to breaches are key to staying ahead of these threats. By closing the gaps hackers exploit, companies can make it harder for cybercriminals to succeed.




Read more »
User Security
Australia Data Breach Data Leak Data Thefy IABs ransomware attacks User Security

Initials Access Brokers are Playing Major Role in Data Breaches

 

As the cybercrime ecosystem continues to expand in Australia, the job of security professionals has also come under scrutiny. In the past month, alone seven major Australian enterprises including Optus, Medibank, and Woolworths have suffered data breaches. 

According to the latest Recorded Future intelligence report, the rise of initial access brokers (IABs) has led to increasing data breaches. IABs employ several multiple tools, techniques, and procedures (TTPs) to achieve initial access to the targeted network. 

IABs modus operandi 

IABs often launch the first stage of a ransomware attack and then sell this access to other hackers who deploy the ransomware to paralyze the victim’s computer system. 

IABs are primarily active on top-tier Russian-language platforms like Exploit, XSS, and RAMP, and typically operate using multiple languages and online pseudonyms to bypass detection. The advertising on underground forums includes a series of important details that hackers will need to select their next victim. These include victim country, annual revenue, industry, type of access, rights, data to be exfiltrated, devices on the local network, and pricing. 

While many ransomware affiliates are happy to negotiate publicly, with IABs advertising on these forums, others are thought to work directly and secretly with a pre-selected group of access brokers. Either way, the advantage of working alongside IABs is clearly to accelerate their campaigns. 

According to the latest research conducted by KELA, IABs sell initial access for $4600, and sales take between one and three days to finalize. Once access has been purchased, it takes up to a month for a ransomware attack to take place -- and potentially for the victim to be subsequently named on a leak site. The average price for access was around USD 2800 and the median price - USD 1350.

How to counter the threat 

Fortunately, there are multiple things businesses can do to mitigate the threat, not only of initial info-stealing attacks but also the ransomware that follows. 

Organizations should train employees to recognize and neutralize social engineering attacks. When it comes to ransomware, maintain offline backups of sensitive data, segment networks to contain an attack’s blast radius, and apply two-factor authentication everywhere. Continuous monitoring and robust threat intelligence will also provide a useful early warning system. 

Most importantly, the right defensive posture can help organizations to regain the initiative and put enough roadblocks in the way that their adversaries give up and move on to the next target.
Read more »
Subscribe to: Posts (Atom)