Ransomware has grown in popularity in recent years. As a result, sub-services that aid ransomware creators in deploying their illegal creations have evolved, ranging from language services to manage ransom payment negotiation to Initial Access Brokers (IABs) who provide covert access to networks as required.
To say that security teams had a challenging year in 2021 would be an understatement. Last year, the industry saw supply-chain attacks affecting hundreds of companies, paralyzing ransomware attacks against critical infrastructure, and state-sponsored espionage campaigns that made no company feel safe, even those with expensive firewalls.
Initial Access Brokers (IABs) established themselves as significant cybercrime players in 2021 within this messy ecosystem. The increase in cybercrime has provided fertile ground for IABs, who can leverage the ongoing need for available access. The IAB market has maintained business continuity while adapting to the evolving conditions of the cybercriminal ecosystem.
How Can Companies Defend Themselves Against Initial Access Brokers?
Here are some suggestions for companies looking to protect their assets from Initial Access Brokers.
Awareness Training for Employees
Every organization’s security defenses must include training the workforce to recognize and report phishing emails. Employee training should be supplemented with technical response protocols that instruct IT or InfoSec teams on how to investigate and respond to phishing attempts.
Reducing a company’s public-facing services and systems is an excellent method to lower the threat of initial compromise. Shifting all remote access services behind an enterprise remote access VPN connection, mandating MFA, and posture-checking the devices of users can all help prevent unwanted access.
Multi-Factor Authentication (MFA)
MFA combines a login and password with a unique second factor, such as a PIN or biometric, to prevent unauthorized users from signing in as legitimate employees. MFA should be required for all remote access, privileged access accounts, and cloud services, and it is still one of the best recommendations for any company.
Threat actor groups don’t always get their access through phishing. Many hacker groups, in fact, exploit unpatched public-facing services and systems to gain an initial foothold and exfiltrate usernames and passwords from infiltrated internal systems. A mature vulnerability management program should include routine scanning of all internal and external systems, applications, and devices for vulnerable software, and timely application of vendor patches to address what the scans find.
Businesses must monitor the content served by their web servers. They should keep an eye out for any new files that appear in a folder that should not be accessible to visitors or users. Furthermore, because an attacker may replace an existing file with a web shell, organizations must check these files for any hash changes that are not the result of an update.
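One way to implement the check described above, as an added example that is not from the original article: a baseline of SHA-256 digests for the web root is compared with the current state, and changes that match the manifest of an approved update are not reported. The function names, the `approved` manifest format and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()  # symlinks need separate review
    }


def compare(baseline, current, approved=None):
    """List new, modified and missing files. `approved` (assumed input) maps
    path -> digest from a legitimate update's manifest; matches are skipped."""
    approved = approved or {}
    findings = []
    for path, digest in sorted(current.items()):
        if approved.get(path) == digest:
            continue  # change is explained by the update
        if path not in baseline:
            findings.append(("new", path))
        elif baseline[path] != digest:
            findings.append(("modified", path))
    findings += [("missing", p) for p in sorted(set(baseline) - set(current))]
    return findings


def demo():  # runs the check on a constructed web root (sample data only)
    def write(root, rel, data):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", b"<?php echo 'home';")
        write(root, "js/app.js", b"v1")
        baseline = snapshot(root)
        write(root, "js/app.js", b"v2")  # shipped by an approved update
        write(root, "index.php", b"<?php /* altered */")  # unexplained change
        write(root, "uploads/new.php", b"<?php /* unknown */")  # unexpected file
        approved = {"js/app.js": hashlib.sha256(b"v2").hexdigest()}
        return compare(baseline, snapshot(root), approved)

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored where the web server account cannot write to it, for example on the monitoring host.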
Surveillance of Underground Forums
Some businesses monitor the Dark Web and, more specifically, multiple cybercriminal marketplaces and forums. Businesses can register to be notified if cybercriminals, especially IABs, discuss their company. Even if the network has already been infiltrated, the impact can be mitigated by responding quickly to the threat.