Cyber Insiders-v8-web - Flipbook - Page 19
Over the past decade, IAR has become
established as a key component of the
“X-as-a-Service” criminal ecosystem
by providing a quick and easy route
for criminals to gain access to victims’
infrastructure. IABs, the so-called
“locksmiths” of the cyber underground,
act as intermediaries who do the leg
work to break into a network and
then sell on that corporate access
to attackers.
From stolen VPN and remote desktop protocol account details to other sensitive credentials, IABs make it easy for cybercriminals to get their foot in the door to launch their attack without breaking a sweat. Often the IAB will drop web shells, a shell-like interface that enables a web server to be remotely accessed, to ensure continuous future access, and then sell it.
The recent growth spurt in the IAR market has been driven by a combination of elevated demand and an abundant supply of access. Much of this increased access can be attributed to the continued exploitation of infrastructure and services deployed during the pandemic.
Clearly, the IT security controls of many organisations are still catching up with the rapid tactical changes made during the Covid pandemic. Savvy to these weaknesses, IABs quickly adapted to exploit such vulnerabilities, most noticeably in the cloud where poorly defended Office365 and Google Workspace services provide rich pickings.
While IABs have a sordid array of customers, ransomware operators tend to be their best clients, and with ransomware continuing to grow, it is vital to gain an understanding of IAB attacker strategies and how to mitigate against them.
IABs adopt different strategies depending on their expertise, capabilities, and goals, so here are five of the most common attack strategies used by IABs today.
TOP 5 IAB ATTACKER STRATEGIES
Mass Remote Code Execution (RCE) strategy
The attacker deploys an internet-wide attack to exploit an RCE vulnerability, compromising as many victims as possible in a short period of time. Following the initial exploit, the attacker establishes a stable remote access channel.
Mass brute force strategy
The attacker deploys a 24x7 internet-wide attack capability to exploit internet-exposed devices and services by bruteforcing their login panels.
Mass phishing strategy
The attacker runs an indiscriminate phishing campaign to trick victims into executing malware. Following the initial exploit, the attacker establishes a stable remote access channel.
A la carte phishing strategy
The attacker runs a phishing campaign targeted at users of a specific enterprise cloud service. The aim is to capture credentials of as many victims as possible.
Access to order strategy
The attacker advertises “access to order” services on a dark market, then establishes access to victims based on the order book. The attacker adopts an APT-like approach, which may involve RCE, credential bruteforcing, targeted phishing or hybrid tactics, e.g. insider threat or physical access. The price for this strategy is agreed upon before the attack begins.
CYBER INSIDERS MAGAZINE - Vol. 2