Initial Access Brokers – The Gateway to Ransomware and Supply Chain Attacks

Initial Access Brokers (IABs) are part of the cybercrime-as-a-service ecosystem. They have become the first step in a number of high-profile compromises resulting in ransomware and supply-chain threats. These groups collect, package and sell credentials from a variety of sources for a variety of systems (such as VPN, RDP and SSH), selling them with details on who they are for, the level of access they provide and the typical defences the buyer will encounter.

This means that even a “minor” credential leak can lead to a massive breach further down the line. Many ransomware groups rely on IABs to pre-select targets based on the information the IAB can gather about the company and include in an info pack sold with the credentials. As a result, a company’s poor credential hygiene, Multi-Factor Authentication (MFA) gaps and porous attack surfaces are being monetised by cybercriminals, who profit first from the opportunity you have given them, then again from the attack such access can lead to.

This particular threat can be highly insidious, with many companies not realising or acknowledging that their network might already be for sale somewhere. Good threat intelligence can help uncover if an access broker is selling access to your networks, and red teams can simulate a threat actor with “bought” credentials to determine if you can detect and respond to such an intrusion. It is therefore imperative that such scenarios be considered going forward not just in tabletop exercises but also in practical testing.

If you are a CISO or C-suite executive, you should be asking your security teams if they have ever run an engagement simulating an IAB, making sure you have threat intelligence that is monitoring for the sale of your company’s credentials, reviewing your network regularly for poor segmentation and access control, and ensuring you have minimised your exposure to stale accounts and shadow IT.

At Prism Infosec we can help with all of these tasks; we can even help you with tabletop exercises focussed on IAB breaches.

Please reach out to us if you would like to know more. Prism Infosec: Cyber Security Testing and Consulting Services
