Adversary Universe Podcast The Rise of the Access Brokers
Oct 5, 2023
Access brokers are transforming the cybercrime landscape by selling stolen credentials and exploits. The podcast delves into how these brokers operate within a structured ecosystem, enhancing the reach of cyberattacks. It highlights the importance of understanding the strategies of cyber adversaries, including targeted attacks and the heightened risk of insider threats. Organizations are urged to adopt proactive cybersecurity measures, such as multi-factor authentication and zero trust principles, to mitigate these evolving dangers.
AI Snips
Chapters
Transcript
Episode notes
Role of Access Brokers
- Access brokers specialize in weaponizing vulnerabilities to gain initial access into organizations.
- They sell this access on underground markets for others to execute ransomware or data extortion attacks.
Access Broker Advertisement to Breach
- A company was advertised by an access broker in mid-December and publicly disclosed a breach by Christmas.
- Early detection of these postings could enable prevention of breaches or limit damage.
Malware-Free Attacks and Data Exfiltration
- Most intrusions (71%) occur without malware by using legitimate credentials and living off the land.
- Attackers exfiltrate data stealthily via cloud storage services, complicating detection.