Trend Micro research highlights the importance of securing enterprise credentials

Trend Micro has released new research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.

“Media and corporate cybersecurity attention have been focused only on the ransomware payload when we need to focus first on mitigating the activity of initial access brokers,” said David Sancho, senior threat researcher for Trend Micro. “Incident responders often need to investigate two or more overlapping attack chains to identify the root cause of a ransomware attack, which often complicates the overall IR process. Teams could get ahead of this issue by monitoring for activity by Access Brokers who steal and sell enterprise network access – essentially cutting off the supply for ransomware actors.”

The research is based on an analysis of over 900 access broker listings from January through August 2021 across multiple English- and Russian-language cybercrime forums.

Education was the most frequently featured sector, accounting for 36% of advertisements. That is more than triple the second and third most targeted industries, manufacturing and professional services, which both account for 11%.

The report reveals three main types of access brokers:

• Opportunistic sellers who are focused on making a quick profit and don’t spend all their time on access.

• Dedicated brokers are sophisticated and skilled hackers who offer access to a range of different companies. Their services are often used by smaller ransomware affiliates and groups.

• Online shops that offer RDP and VPN credentials. These dedicated shops only guarantee access to a single machine rather than an entire network or organization. However, they represent a simple, automated way for cybercriminals with lower skill sets to purchase access. They can even search by location, ISP, operating system, port number, admin rights, or company name.

Most access broker offerings involve a simple set of credentials that may have been sourced from: previous breaches and password hash breaking; compromised bot computers; vulnerability exploitation on VPN gateways, web servers, etc.; or one-off opportunistic attacks.

Prices vary depending on the type of access (single machine or entire network/corporation), annual revenue of the company, and how much extra work the buyer needs to do. Although RDP access can be obtained for as little as $10, the average price for admin credentials into a business is around $8,500. However, prices can reach up to $100,000.

Trend Micro recommends the following strategies for defenders:

• Monitor for public breaches

• Trigger a password reset for all users if you suspect corporate credentials might be breached

• Set up Multi-Factor Authentication (MFA)

• Monitor user behavior

• Watch the DMZ and assume internet-facing services like VPN, webmail and web servers are under constant attack

• Implement network segmentation and micro-segmentation

• Deploy best practice password policies

• Implement some form of Zero Trust architecture

