The latest analyses by our Computer Security Incident Response Team (CSIRT) are worrying: attackers are increasingly gaining access to infrastructures by explicitly searching the Darknet for remote access solutions. A current warning – and urgent recommendation to companies.
Once the attackers have acquired the credentials, the actual attack follows: they steal data and then blackmail the affected companies. As this usually involves sensitive and critical data, companies (unfortunately) increasingly have no choice but to respond to the cyber criminals' ransom demands.
Our «Darknet-investigation special offer» for companies
We recommend a Darknet-investigation to search for any stolen credentials offered for sale on Darknet marketplaces in connection with stealers. Our offer includes the following services:
Kick-off call & preparation
If required, or if the risk situation is delicate, we purchase the credentials offered for sale on the Darknet in the amount of $100 and analyze them.
Summary Report
Are you interested? Simply fill out the form and place a binding order for the desired investigation. You will hear from us again as soon as possible. We look forward to exchanging ideas with you!
********************************************************************************************
Example of an affected, globally active industrial company with over 1,500 employees – including the attackers' original statement:
The following case, which we recently investigated, happened in exactly this way: the attackers stole over 18 gigabytes of data using credentials acquired on the Darknet. They then approached the victim company with a ransom demand. As the data was extremely sensitive, the company was forced to accept the demand and pay the ransom.
This message illustrates the fact that the actors are explicitly looking for remote access solutions – in this case Citrix. Since the attackers are opportunistic, they changed their objective at short notice and used the credentials acquired on the Darknet to access the cloud.
The attackers went one step further in their communication:
On the one hand, this example impressively demonstrates that company devices should be handled more professionally – and on the other, that one weak link in the chain is enough to cause (collateral) damage.
Prevention is better than aftercare. Therefore, commission InfoGuard's threat intelligence team for a professional Darknet-investigation.