ware operators have begun actively reaching out to underground vendors of corporate network access to avoid the hassle of cyber attacks. The Accenture Cyber Threat Intelligence team has published research findings on emerging cyber security trends, highlighting the nature of the relationship between ransom ware operators and exploit vendors.

During attacks, ransom ware operators must first find a network entry point. Hacked employee accounts, misconfiguration on public systems, and vulnerable endpoints can be exploited to deploy malicious code, resulting in encryption of files, drives and demanding payment in exchange for the decryption key.

According to experts, the acquisition of network access points and already proven methods of penetrating

the target system are becoming more popular, including the purchase of stolen credentials and exploits.

Network access sellers usually first discover the vulnerability and then sell the information they need to

hackers on underground forums for prices ranging from $ 300 to $ 10,000.

“A successful ransom ware attack depends on developing and maintaining stable network access, which

carries a higher risk of detection and takes time and effort. Access vendors are filling this market niche f

or ransom ware groups, ”the experts explained.
Experts from Accenture have identified over 25 sellers of continuous network access. Many of the vendors

are active on the same underground forums popular with gangs like Maze, Net Walker, Sodinokibi, Lock bit, Avedon, etc.