An Executive’s Guide To The Cybercrime Underground

David Carmiel, KELA's CEO

In recent years, the cybercrime underground has become increasingly sophisticated and profitable by preying on vulnerable organizations. As a result, security leaders must gain visibility into what happens in this underground network of illegal activity to protect their organizations from emerging threats and accurately assess their risks. In this article, I will explore the current state of the cybercrime underground, including its definition, motivations, actors and methods. I will also provide recommendations for security leaders on defending their organizations against emerging threats.

The cybercrime underground is a term for virtual sites, methods, platforms and tools with which threat actors congregate and communicate to sell their ill-gotten gains and purchase criminal services and products.

Online forums are an illustrative example of where threat actors conduct illegal commercial activities. Forums provide an effective platform for threat groups, their peers and their potential customers to discuss tactics, technologies and procedures. These virtual venues allow criminals to recruit talent and engage in illegal commerce.

7 Easy Steps To Bolster Your Threat-Resilience Capabilities [Checklist]

Many organizations struggle with determining the initial steps and selecting an action plan when it comes to addressing the proactive approach required for effective defensive strategies against cyber threats.

Our complimentary checklist outlines a comprehensive set of 7 crucial first steps for initiating a robust cyber threat intelligence program within your company.

Whether your organization already has security measures in place or is in the process of establishing a strong cybersecurity posture, this checklist can serve as a valuable resource.

We encourage you to download and utilize it to assess your current processes and establish cybersecurity priorities for the year 2023.

Delving Into The Emerging Infostealers Of 2023 [Report]

Information stealers have posed a threat to organizations over the last few years and continue to be a significant concern for companies in 2023. The emergence of new infostealers highlights the ongoing efforts of cybercriminals to create new tools for stealing sensitive data.

Organizations must stay up to date on new infostealers in order to remain vigilant and protect themselves against these evolving threats. We’re happy to share this FREE report with you to arm you with more knowledge!

Read KELA’s latest Delving Into The Emerging Infostealers of 2023 Report to learn about:

  • New infostealers such as Titan, LummaC2, Whitesnake and others that recently emerged from the cybercrime underground and have already gained popularity among threat actors.
  • The most popular illicit markets and channels for distributing stolen data.
  • Outlook on infostealers for 2023 and what to anticipate.

Ransomware Victims and Network Access Sales in Q1 2023

The massive ransomware campaign that targeted thousands of ESXi servers in early 2023 highlights the continuing danger posed by ransomware and extortion groups to organizations worldwide. KELA observed an increase in ransomware and extortion attacks and sales of network access (an important part of ransomware gangs’ supply chain) in Q1 2023 compared with the average metrics of 2022.

Attacks on MSPs: How Threat Actors Kill Two Birds (and More) With One Stone

Yael Kishon, Threat Intelligence Analyst

Managed service providers (MSPs or MSSPs) have become a vital part of many companies, providing a range of IT services and support to keep operations running smoothly. At the same time, MSPs have become attractive targets for cybercriminals aiming not only to compromise the assets of a single company, but also to increase the number of potential victims and to target a wide range of third parties. In this blog, we examine the ongoing interest of threat actors in the cybercrime ecosystem in targeting MSPs and IT companies.

Initial access brokers (IABs) — threat actors who sell network access on cybercrime forums — seem to actively compromise MSPs.

Network access is a broad term used to describe multiple different vectors, permission levels, and entry points. The offering can include SQL injection, remote desktop protocol (RDP) credentials, or the ability to change from user to admin privileges. The actors selling such network access types provide an initial entry point to a compromised network that can be further leveraged by other cybercriminals. The most common type of access offered is RDP or VPN access. Threat actors define specific attributes of their ideal victim based on the geographies, sectors and revenue of the victim.