April 16, 2024by Shir David

Cybersixgill’s Access Currently for Sale - high-value intelligence just got even better

What can $10 get you on the dark web? Not only peace of mind but the ability to stop costly attacks and data breaches. 

Knowing where an organization’s compromised devices, account logins, and other critical data are for sale in underground markets is a tremendous advantage for cyber defenders. As reported in our State of the Underground 2024, the rise of stealer malware has contributed to the increase in underground Initial Access Broker (IAB) markets offering the sale of compromised machines, or endpoints over the past few years. These IAB markets, and the compromised devices they offer, have been linked to several high-profile data breaches and ransomware attacks around the globe. 

Access Currently for Sale is critical intelligence accessible to our customers through the Identity Intelligence module within our Investigative Portal. And it’s gotten even better, as we recently made some enhancements to make it even easier for users to quickly see this valuable information.

A new component is now available in the portal showing IAB data on a dedicated page,  offering a centralized view of all compromised devices and accounts related to the monitored assets and providing easy access and analysis of the intelligence. The tab is regularly updated to reflect the latest intelligence collected from the IAB markets. Additionally, the intelligence is enriched with new information to make it more relevant to the organization. Want to see how it works? Watch our product overview video.
Access Currently for Sale video thumbnailEach asset or piece of information available for sale in the underground is now categorized by type so users can prioritize remediation activities. For customers with a services package, Cybersixgill helps customers address the issue of the compromised access, allowing users to stop the access from being exploited.

“Shifting Left” on Intelligence to Streamline Cyber Defense Efforts

Cybersixgill automatically collects all available intelligence on compromised devices offered for sale in IAB markets –  that have not yet been exploited or weaponized – in real-time and at scale. The new Access Currently for Sale tab enables users to “shift left” (or take preemptive action) on intelligence by offering a streamlined view of the organization's exposure to underground markets and displaying information about compromised devices, typically via stealer malware, that are available for purchase. This high-value data is based on the assets (e.g., domains and IPs) derived from the organization’s attack surface inventory and can be filtered by region or asset type, empowering end users to more easily prevent the exploitation of compromised devices and protect the organization from an attack.

The new enhancement also classifies every compromised account and host available on these IAB markets by type, enabling users to assess and prioritize risk from compromised accounts such as Slack, Jira, Salesforce, and others. To help teams distinguish between low-risk (e.g., personal use entertainment or recreational apps) and highly sensitive accounts, we classify every compromised account and host available on IAB markets by 10 distinct categories:

  • Communication - e.g. Slack, Teams, Zoom, Webex

  • Cloud services - e.g. Microsoft Azure

  • Database - e.g. MongoDB

  • Sec/Dev/Ops - e.g. Jira

  • Business and project management - e.g. Monday

  • Finance and HR - e.g. Salesforce

  • File sharing - e.g. Dropbox

  • Remote access - e.g. Citrix

  • Identity management - e.g. Okta

  • Customer support - e.g. Zendesk

Cybersixgill also offers takedown services to customers with a subscription in two critical ways:

  1. Takes down compromised access from the underground market, blocking threat actors from purchasing access and exploiting the asset.

  2. Provides an analysis to help users understand the compromise, its potential impact, and context.

More information about Cybersixgill’s new Access Currently for Sale intelligence feature is available here.

You may also like

A close-up, detailed, and vibrant image of a microscopic cell with numerous tentacle-like extensions, depicted in shades of pink and purple against a blurred blue background.

May 15, 2024

Black Basta's Devastating Attack on a US Hospital System: Lessons Learned and Protective Measures

Read more
Screen showing a malware alert

May 09, 2024

New 'Latrodectus' Malware Linked to Notorious 'IcedID' Developer: A Deep Dive into Targets, Potential Impact, and Remediation Steps

Read more
Chris Strand-Thumbnail

May 07, 2024

Enhancing Security Posture with Cyber Risk Intelligence Part 2

Read more