Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.
Latest posts by Esme Greene (see all)
- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
Researchers from the threat intelligence firm Flare have uncovered a hacker’s advertisement demanding $120,000 for privileged access to a prominent auction house’s system. This discovery was part of an extensive investigation into the Russian-language hacker forum, Exploit, known for being a hub for IABs.
Over three months, Flare’s experts delved into 72 posts on the forum, revealing that cybercriminals had advertised access to more than 100 companies spanning 18 distinct sectors, such as defense, healthcare, and finance. Their findings showed that U.S., Australian, and U.K. firms were primarily in the crosshairs, largely due to their substantial GDPs.
Access prices fluctuated based on the targeted company’s profile and location, with many starting as low as $150, mainly for VPN or RDP initial access. Around a third of these offers were priced below $1,000. Nonetheless, the auction house’s access stood out as the priciest, with hackers boasting about their comprehensive backend access to upscale auctions like Stradivarius violins and rare cars.
Most advertisements specified the victims’ geography, revealing that 35 entities outside the U.S. had supposedly been compromised. Notably, while Russia and the Commonwealth of Independent States (CIS) were generally off-limits for IABs, China, with the world’s second-largest GDP, had a surprisingly low target number.
The data also highlighted that the primary access methods were through RDP and VPN, making up 60% of the listings. The level of access varied, ranging from cloud administrator to domain user.
Eric Clay of Flare noted the advertisement of an exclusive access to a U.S. radio station’s system, which could allegedly be utilized to broadcast ads. Some brokers also offered entry to backup and recovery systems, potentially enabling ransomware attacks.
Though most initial accesses stem from info-stealing malware, a few brokers indicated employing alternative methods. Clay emphasizes the importance of businesses strengthening their security measures and monitoring forums like Exploit for potential threats, even if victim details are obscured. Such vigilance can help companies detect vulnerabilities and mitigate risks.