)
What can $10 get you on the dark web? Not only peace of mind but the ability to stop costly attacks and data breaches.
Knowing where an organization’s compromised devices, account logins, and other critical data are for sale in underground markets is a tremendous advantage for cyber defenders. As reported in our State of the Underground 2024, the rise of stealer malware has contributed to the increase in underground Initial Access Broker (IAB) markets offering the sale of compromised machines, or endpoints over the past few years. These IAB markets, and the compromised devices they offer, have been linked to several high-profile data breaches and ransomware attacks around the globe.
Access Currently for Sale is critical intelligence accessible to our customers through the Identity Intelligence module within our Investigative Portal. And it’s gotten even better, as we recently made some enhancements to make it even easier for users to quickly see this valuable information.
A new component is now available in the portal showing IAB data on a dedicated page, offering a centralized view of all compromised devices and accounts related to the monitored assets and providing easy access and analysis of the intelligence. The tab is regularly updated to reflect the latest intelligence collected from the IAB markets. Additionally, the intelligence is enriched with new information to make it more relevant to the organization. Want to see how it works? Watch our product overview video.
Each asset or piece of information available for sale in the underground is now categorized by type so users can prioritize remediation activities. For customers with a services package, Cybersixgill helps customers address the issue of the compromised access, allowing users to stop the access from being exploited.
“Shifting Left” on Intelligence to Streamline Cyber Defense Efforts
Cybersixgill automatically collects all available intelligence on compromised devices offered for sale in IAB markets – that have not yet been exploited or weaponized – in real-time and at scale. The new Access Currently for Sale tab enables users to “shift left” (or take preemptive action) on intelligence by offering a streamlined view of the organization's exposure to underground markets and displaying information about compromised devices, typically via stealer malware, that are available for purchase. This high-value data is based on the assets (e.g., domains and IPs) derived from the organization’s attack surface inventory and can be filtered by region or asset type, empowering end users to more easily prevent the exploitation of compromised devices and protect the organization from an attack.
The new enhancement also classifies every compromised account and host available on these IAB markets by type, enabling users to assess and prioritize risk from compromised accounts such as Slack, Jira, Salesforce, and others. To help teams distinguish between low-risk (e.g., personal use entertainment or recreational apps) and highly sensitive accounts, we classify every compromised account and host available on IAB markets by 10 distinct categories:
Communication - e.g. Slack, Teams, Zoom, Webex
Cloud services - e.g. Microsoft Azure
Database - e.g. MongoDB
Sec/Dev/Ops - e.g. Jira
Business and project management - e.g. Monday
Finance and HR - e.g. Salesforce
File sharing - e.g. Dropbox
Remote access - e.g. Citrix
Identity management - e.g. Okta
Customer support - e.g. Zendesk
Cybersixgill also offers takedown services to customers with a subscription in two critical ways:
Takes down compromised access from the underground market, blocking threat actors from purchasing access and exploiting the asset.
Provides an analysis to help users understand the compromise, its potential impact, and context.
More information about Cybersixgill’s new Access Currently for Sale intelligence feature is available here.
)
)
)
)