Actions to Take to Defeat Initial Access Brokers

Actions to Take to Defeat Initial Access Brokers

November 17, 2023 at 12:08PM

Access-as-a-service (AaaS) is a new cybercrime business model that involves selling methods for accessing networks. Criminals known as access brokers steal enterprise user credentials and sell them to other attackers. The buyers then use ransomware or malware services to steal confidential data. Countermeasures to mitigate these threats include monitoring the dark web, securing domains, changing passwords, and patching vulnerabilities. Utilizing open source intelligence (OSINT) can help identify potential security holes and protect against credential loss and attacks.

Takeaways from the meeting notes are as follows:

1. Access-as-a-service (AaaS) is a new business model in the cybercrime world, where threat actors sell methods for accessing networks for a one-time fee.
2. Access brokers (IABs) steal enterprise user credentials and sell them to other attack groups, who then use ransomware-as-a-service (RaaS) or malware-as-a-service (MaaS) to exfiltrate data from targeted enterprises.
3. AaaS is part of the overall trend of cybercrime-as-a-service (CaaS).
4. A common scenario for AaaS involves IABs deploying infostealers to acquire various types of data from compromised devices, which are then sold on the Dark Web.
5. Some IABs have direct contact with system administrators or end users who are willing to sell access to their systems.
6. Countermeasures against IABs include using OSINT (open source intelligence) to identify potential security holes and taking appropriate actions to prevent damage.
7. Examples of security holes that OSINT analysis can find include suspicious domains, leaked email addresses, exposed credentials, and more. Countermeasures may involve taking down domains, changing passwords, securing leaked information sources, and implementing additional security measures.
8. It is important to understand the risks associated with credential loss and IABs, and OSINT reports can provide critical information for building a defense against these threats.
9. Good threat intelligence is crucial for building effective cybersecurity layers and reducing risks associated with new and innovative threat groups like AaaS.

Full Article