“For security teams, information on initial access broker activity can be a useful source of pre-attack intelligence,” the company said. The researchers also observed ransomware groups interacting with some of these posts.
Financial institution security teams and independent security researchers can use these posts to investigate the capabilities and assess the threat level of the actors posting and interacting with them.
Among the initial access broker posts, those offering remote network access via Remote Desktop Protocol (RDP) and virtual private networks (VPNs) were the most common. Exploitation of a privileged account could potentially lead to malware or ransomware being deployed on the system, control over operational infrastructure, access to sensitive databases and file storage, and the harvesting of confidential information used to blackmail the victim into paying a ransom.
Searchlight Cyber also found several posts offering to sell web shells, which can be used to install backdoors into a compromised system, or remote code execution (RCE) access, which when exploited allows the attacker to make an application execute code of their choosing rather than what the application is supposed to do.
Insider threat activity on the dark web
The researchers also observed two main insider threats leveraging the dark web. The first involves employees with access to an organization’s systems selling that access on the dark web, while in the second, threat actors attempt to recruit malicious insiders on the dark web.
“For a security team that has to consider malicious insiders with privileged access as part of their threat model, these posts do provide a useful starting point to investigate and mitigate the risk of compromised employees,” Searchlight Cyber said.