Banning ransomware-related content on cybercrime forums does little to prevent brokers providing initial network access from being advertised. Online-lists initial access brokers increased for the second consecutive quarter, reported by the specialists of the company’s Digital Shadows.
Following an attack by operators of the ransomware DarkSide on the American fuel giant Colonial Pipeline in May 2021, the administration of a number of cybercriminal forums, including XSS, Exploit and RaidForums, decided to ban the posting and discussion of ransomware in order to avoid unwanted attention from journalists and law enforcement agencies. But despite the ban on such content, Digital Shadows found over 250 new entry-access broker listings.
“Entry-access brokers did their jobs most of the time. Some have moved to other forums or moved their business infrastructure to private messaging channels. In addition, the extortionist groups avoided direct mention of the purpose of their criminal activity on the forums and tried to hire brokers of initial access, avoiding blocking, ”the experts explained.
Security experts have discovered a new ransomware group known as BlackMatter, which has become the successor of DarkSide’s activities. BlackMatter has bypassed the forum’s ransomware bans by carefully phrasing its requests without mentioning any actual ransomware operations. The criminals were looking to hire brokers in order to gain access to the networks of large companies.
The price of initial access brokers in 2021 increased from an average of $ 1,923 to $ 2,578. 70% of the total listings were targeted at organizations in North America (primarily in the US) and Europe. France was the most popular country among brokers in Europe, followed by the United Kingdom, Italy and Germany.
Catch up on more articles here
Follow us on Twitter here