Info@NationalCyberSecurity
Info@NationalCyberSecurity

Initial access brokers are the latest cybercriminals targeting Australians. Here’s how they work | #cybercrime | #infosec


In some ways, the newest cybercriminals attacking Australia are a lot like real estate agents.

It’s all about location, location, location. Marketing is key, of course, and so is plenty of stock.

And, like the housing market, there’s plenty of money to be made.

A big difference is that when real estate agents hand over the keys, it’s not a crime.

Known as initial access brokers, this emerging class of hackers use their specialist skills to break into businesses and then sell usernames and passwords — the keys, so to speak — to ransomware gangs on the dark web.

Initial access brokers represent a newer cybersecurity threat to Australians.(Pexels)

They’ve become an integral part of the cybercrime economy and the cost to Australians is clear.

The federal government now estimates digital crime is costing the economy $29 billion a year.

The Australian Cyber Security Centre last year revealed that, on average, a cybercrime report is made every six minutes — a frequency that’s been steadily increasing over the past two years.

So how have things gotten so bad?

Our digital spy agency, the Australian Signals Directorate, says part of it has to do with access brokers.

Who are access brokers and where do they fit?

Hacking used to be a one-stop shop.

Cybercriminals were responsible for every step of the crime from hacking into a company, writing the complex ransomware to lock it all up and then negotiating with and extorting victims.

But since then, the cyber underworld has become more sophisticated — that’s where access brokers come in.

hands typing on a computer keyboard.

Hacking has become a more sophisticated operation since its early days.(Reuters: Samantha Sais)

Ransomware gangs now only have to scour dark-web marketplaces and then get on with extorting Australians without having to do any of the leg work.

Deakin University criminology expert James Martin says it fits into a worrying picture, as a fractured criminal underbelly steadily becomes professionalised.

“By having actors that don’t need to develop all the skills to carry out all the different stages of a cyber attack … it enables many, many more attacks to take place,” Dr Martin says.

“The real danger with this is it enables people with fewer and fewer cyber skills to engage in increasingly sophisticated cyber attacks,” he says.

“I think the Optus and Medibank attacks, both of which were facilitated by initial access brokers, really highlight to everyday Australians, not just corporate leaders and people in business, that your everyday life can be affected by initial access brokers.”

optus 'yes' sign on glass fronted office block

Initial access brokers were involved in the Optus data breach.(AAP: Bianca De Marchi)

Australia’s cyber spy agency — the Australian Signals Directorate — says the country is “regularly” targeted by cybercriminals and acknowledges the role access brokers play.

“Cybercriminals, supported by a global industry of increasingly capable access brokers, continue to evolve their operations to maximise their profit and minimise their risk,” a spokesman says.

“Ransomware remains the most harmful and destructive form of cybercrime.”

How cheap is my data going?

Considering the havoc that it causes, the price to get access to your data is worryingly cheap.

The cost can be anywhere from $1,500 — about the same price as floor tickets to Taylor Swift — or as high as $15,000, but is usually somewhere between $2,000 and $4,000.

Access is sold on the dark web with advertisements including details like what type of business has been attacked, the country it’s in, how much money the business turns over and the asking price, but not the name of the business that’s been hacked.

A graphic of a phone screen with a written advertisement for a womens fashion store.

Advertisements appear on the dark web where hackers can purchase information.(ABC News: Brett Gelbart)

CrowdStrike, a US-based cybersecurity company, says in the past year there’s been a 147 per cent increase in the number of access broker advertisements, which it says reflects growing demand.

The company’s president Mike Sentonas, who is an Australian, says access brokers even offer their clients tech support.

“With support contracts with a guarantee that their tradecraft will work, with victims if you want,” Mr Sentonas says.

A photo of a man staring seriously at the camera.

Mr Sentonas says access brokers offer support services to their clients.(Supplied: Mike Sentonas)

Does this happen a lot in Australia?

Sydney-based private cybersecurity firm NSB Cyber recently tracked sales advertisements on the dark web, finding Australia was the third-most-targeted country.

The research showed that between January and September last year, access brokers sold stolen credentials 1,586 times — 62 of those sales involved Australia.

NSB Cyber’s chief executive Shane Bell, who previously led the cybersecurity practice at consulting firm McGrathNicol, says access brokers were an “early indicator” of ransomware attacks.

“I would think that most of the ransomware that takes place in Australia on Australian businesses would be via brokered access,” Mr Bell says.

“If I don’t have to go and figure out how to get access myself and I can buy it, then it’s just a cost of business,” he says.

A photo of a man staring seriously at the camera.

Mr Bell believes access brokers are involved in most Australian ransomeware attacks.(Supplied: Shane Bell)

Dr Martin, the criminologist, says the data from both companies was unsurprising.

“Australian companies are relatively wealthy … depending on what sector they’re located in, they have poor levels of cybersecurity so they make valuable and lucrative targets,” Dr Martin says.

“We see a huge proportion of cyber attacks emanating from Russia and Russia as we know has pretty ill attitude and geopolitical stance towards the west, including countries like Australia, so they don’t prosecute cybercriminals.”

Dr Martin says businesses also bear some responsibility.

“I think also there’s a real onus on corporate Australia to ensure that they’re implementing robust cybersecurity practices, and that they’re also not storing customer data that they don’t need,” Dr Martin says.

A close up shot of a man smiling at the camera.

Dr Martin says Australian companies are attractive targets for cybercriminals.(Supplied: James Martin)

So what should Australian businesses do in the middle of this cyber crime wave? Here’s what our experts say.

Don’t pay a ransom

It’s tempting to cough up cash to cybercriminals with the promise that they’ll go away, but Mr Sentonas from CrowdStrike says that’s far from the truth.

“The more people pay a ransom, the more motivation there is for attackers to come back,” he says.

“We actually see examples where people have paid a ransom and the adversary comes back to the same company because they know they’ve paid once, they’ll pay again.”

Dark silhouette of a person wearing a hoodie.

Experts recommend not to pay a ransom to cybercriminals.(ABC News: Lisa Batty)

Make sure all your security is up to date

That way, you’ve got cutting edge technology protecting you, making it as difficult as possible for hackers.

“You can focus on hygiene and you can make sure your machines are up to date and they’re patched. You can make sure that you use the right level of cybersecurity,” Mr Sentonas said.

“Use next generation cybersecurity that uses a combination of AI plus threat hunting, which is critically important,” he said.

Be open to good Samaritans

Mr Bell from NSB Cyber says that in his line of work, he comes across Australian businesses who don’t even know they’ve been hacked.



Source link

——————————————————–


Click Here For The Original Source.

.........................

National Cyber Security

FREE
VIEW