IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Access brokers are making it easier for ransomware operators to attack businesses

A new business model has been uncovered that makes it much easier for attackers to gain access to business' networks

Cyber security researchers have uncovered a new underground business model dubbed 'access-as-a-service' in which access to an organisation's network is sold rather than an exploit or zero-day vulnerability.

So-called access brokers are selling direct access to a company's network in which they're already embedded via shared remote VPN connections. Attackers can pay different sums for varying levels of access. 

The business model, discovered and detailed by Trend Micro, could lead to a new way for ransomware operators to launch attacks without having working exploit themselves. 

Attackers are now able to buy their way into a network, paying only as much as they need for the right level of access to achieve their objective. 

The business model relies on stolen credentials for access brokers to have a viable service and Trend Micro said businesses will have to place a greater emphasis on protecting credential theft to avoid future breaches. 

"Access brokers in the criminal underground often advertise this service like it’s a cinema ticket: Somebody buys this ticket, and they get straight in," read the report. "In reality, however, things are a bit different.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

"For example, what exactly do customers get in exchange for their money? Sometimes, it’s access to a web shell or a similar straightforward method of getting a command prompt into the compromised network. More often than not, however, it’s just a set of credentials and a VPN server to connect to."

Remote Desktop Protocol (RDP) access and VPN-based access were the two most common products being advertised, primarily in the United States, Spain, Germany, France, and the UK.

After viewing more than a thousand adverts for services online, the most common targets Trend Micro observed were universities and schools (36%), 11% offered access to manufacturing firms and professional services, with other miscellaneous companies comprising the remainder. 

Screenshot of an access broker's online advert

Trend Micro

Online adverts typically offer access to a company with a broad description such as 'big German energy company', offer details of the level of access available, type of access on offer (RDP or VPN), cost of the service, and in some cases details of the company's turnover and employee numbers.

Screenshot of an access broker's online advert

Trend Micro

Prices for services can range between a few US dollars for access to a single machine and six-digit sums for admin credentials to an entire business, but most dedicated brokers don't advertise their prices openly, according to the researchers.

Access brokers are typically advertising their products either on deep web criminal marketplaces, through a network of connections throughout underground forums, and in less common cases dedicated online shops are used for smaller-scale, single-machine access.

Trend Micro made several suggestions for businesses wary of being exploited using this new business model. Monitoring public breaches can be useful in determining if credentials may have been stolen and triggering a password reset for all staff if one is detected.

Enabling two-factor authentication (2FA) for remote staff will also help prevent remote access from criminals, as will closely monitoring user behaviour on the network.

For the most cautious, operating on a zero-trust model and assuming all staff have lost their passwords to criminals before is recommended, applying the necessary security measures where appropriate.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection
endpoint security

Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection

7 Dec 2021

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Internet providers look to ease cost of living crisis with cheaper broadband
broadband

Internet providers look to ease cost of living crisis with cheaper broadband

29 Jun 2022