Wholesale Access Markets and Ransomware

Major ransomware attacks can start with endpoint access purchased for $10 by bad actors on underground markets.

Download Now

The first stage of an active cyberattack is initial access, which establishes an “initial foothold within a network.” This step is difficult to perform, and therefore many aspiring attackers can purchase network access from threat actors with specialized skills.

There are two broad categories of access-as-a-service for sale on the underground, initial access brokers (IAB), which auction access to companies for hundreds to thousands of dollars, and wholesale access markets (WAM), which sell access to compromised endpoints for around $10.

WAMs are flea markets. The prices are low, the inventory is enormous (they listed access to ~4.3 million endpoints in 2021), and the quality is not guaranteed, as listings could belong to a random individual user or an enterprise endpoint.

In our research, we realized there is a way to attribute a WAM listing to an enterprise based on analyzing SaaS logins in the listing. Meaning, that WAM posts list resources to which the compromised endpoint is logged in. For-sale systems that are logged into enterprise software (Slack or Jira, for example) presumably belong to an enterprise, whose name is often mentioned in the URL. Download the full report to learn more.

Wholesale access markets

Download the Report

Discover how Cybersixgill’s products can support your business

Contact our experts to discover which solutions are the best fit for your company's needs

Book a demo

Recommended resources

Ebook

5 Cybersecurity Predictions for 2024

Our experts reveal their cybersecurity predictions for 2024, detailing how the next generation of threats and advanced cyber defense strategies will impact business and society in regions around the globe.

Read now
MSSP Ebook

CTI: A Formidable Weapon for MSSPs in Cyberwarfare

Our latest ebook discusses the value of CTI to cybersecurity and the overall business, enabling informed decisions and action to reduce organizational risk and the chance of being compromised.

Read now
Ebook

CTI: A Formidable Weapon in Cyberwarfare

Our latest ebook discusses the value of CTI to cybersecurity and the overall business, enabling informed decisions and action to reduce organizational risk and the chance of being compromised.

Read now