Network Access Exploit Sellers and Ransomware Groups Unite for More Successful Cyber Attacks
by Raymund Taylun, Senior Security Advisor
14 October 2020
Almost every month, we hear about an organisation that has been successfully hit by a ransomware attack. As a result of these attacks, cybercriminals monetise the stolen data through underground forums (a.k.a. the dark web), through direct sale, or by holding it to ransom.
Accenture’s Cyber Threat Intelligence research has revealed that there are new groups of Network Access Sellers who are now becoming active in underground forums. In these forums, ransomware gangs and Network Access Sellers meet and trade their goods and services. Once Network Access Sellers and ransomware gangs join forces, it becomes easy for them to identify entry points in target organisations’ networks and gain access to confidential data, which can then be monetised on the dark web.
Groups selling unknown network access vulnerabilities contribute to an increasing number of threat actors in cyberspace. Having an endpoint antivirus solution is not enough to protect an organisation’s ecosystem from ransomware. Both private and public organisations need to regularly assess the security controls they have deployed across all risk areas, from on-premises devices to services hosted and accessible in the cloud.
Visibility over network activity is also crucial. Having security tools monitored 24×7 by cyber security experts provides complete visibility over an estate and allows for quick and effective action once a cyber attack is identified.
To ensure organisational resiliency in the midst of these highly destructive ransomware attacks, it is time to revisit and test business continuity and disaster recovery plans. You should also ensure that the processes and actions in these plans are up to date and can be effectively deployed when handling a major cyber attack. Ransomware gangs will continue outsourcing to Network Access Sellers and exploring other tactics that make their attacks successful, even against organisations with advanced security controls.