Business explodes on the dark web as cybercriminals cash in


Activity in dark web markets that sell access to compromised networks has grown dramatically over the past year, with sales up 50%, according to a new report from the Threat Research team at Lumu Technologies.

Criminal gangs are diversifying their monetization vehicles to get the most out of their efforts. Where in the past they sold credit cards and bank details, they now offer access to mail servers, networks and more. Access to remote desktop protocols is particularly attractive.

In addition to seemingly harmless threats like cryptojacking, malware is increasingly used by ransomware operators to probe and map their target’s infrastructure.

Most ransomware attacks now start with a “lesser” compromise that can be easily initiated using the access made possible by the increased availability of corporate user credentials. Certain strains of malware, such as Emotet and Zloader, have become precursors of larger “ransomware chain” attacks, offering syndicate operators another way to monetize their lower-level network incursions.

Attackers are also keen to extract maximum value from compromised networks, for example by using them for cryptomining, running spam campaigns, and even reselling the compromised infrastructure.

“We have seen at Lumu that ransomware attacks never happen in isolation,” writes Julian Brown of Lumu on the company’s blog. “There is always another type of threat, such as malware or a botnet that appears first. The result is that there is no such thing as a ‘minor threat’. One type of compromise can easily turn into another.”

You can read more and get the full report on the Lumu Blog.
