In a recent cyber breach, hackers have laid claim to penetrating a prominent multi-billion dollar auction house’s network. Their audacious offer? Selling the access to the highest bidder for the sum of $120,000. This alarming development reveals the dark world of cyber breach, where even the most privileged data can become a marketable commodity.
Discovery of Expensive Network Access
The Hacker’s Market
Security specialists unearthed the shocking advertisement on a hacker forum notorious for its connections with initial access brokers (IABs). A close examination of 72 posts led them to this disturbing find.
Three-Month Analysis by Flare
Researchers at the threat intelligence company Flare conducted a rigorous three-month study on the Russian-language hacker forum Exploit. The goal was to unravel the targets, the asking prices, and the identities of the most active hackers.
Overview of Cyber Breach
Between May 1st and July 27th, advertisements were made for unauthorized access to over 100 companies across 18 different sectors. These sectors ranged from defense, telecommunications, and healthcare to financial services.
Insights from the Flare Report on Cyber Breach
Targeting by GDP
Eric Clay, the vice president of marketing at Flare, highlighted that attacks were mainly focused on companies in the U.S., Australia, and the U.K. These choices correlate with their substantial GDP.
Most Targeted Industries for Cyber Breach
According to Clay’s report, finance and retail sectors topped the list, followed by construction and manufacturing.
Prices for Access
Prices varied widely, starting at a mere $150 for initial access through VPN or RDP. Around one-third of the listings were under $1,000, but the most expensive access cost was $120,000 for a renowned auction house.
Unique High-End Access
The hackers claimed privileged backend access to high-end auctions, such as Stradivarius violins or rare collectible cars. Few details were revealed, but the gravity of the situation is clear.
Geographic Focus of Cyber Breach Attacks
Avoidance of Certain Regions
The research exposed 35 alleged hacks outside the U.S., with a significant absence of targets in Russia, the Commonwealth of Independent States (CIS), and surprisingly, China – the world’s second-largest GDP holder.
An Exception in China
Clay inform BleepingComputer of a rare case where network access to a Chinese artificial intelligence company was listed.
Access Methods
The analysis showed that 60% of the listings in the dataset were through RDP or VPN. Access levels ranged from cloud administrator to local admin and domain user.
Other Offers
Clay noted offers including privileged access to a U.S. radio station, potentially to run unauthorized advertisements, and access to backup systems potentially useful for ransomware operations.
Protective Measures for Companies Against Cyber Breach
Implement Monitoring
Companies must deploy monitoring mechanisms for information-stealing malware, a frequent source of corporate credentials.
Observe Hacker Forums
Monitoring the forums where IABs peddle their offers may reveal clues about potential compromises.
Investigate Potential Cyber Breach
Combining clues like geography, revenue, industry, and access type can spark investigations into potential breaches. This process might reveal weak security spots, aiding in strengthening overall security.
Conclusion
This bold cyber intrusion into a major auction house’s network and the subsequent offer of sale provides a chilling glimpse into the ever-expanding world of cybercrime. The need for robust security measures, constant vigilance, and proactive investigation has never been more pressing. Companies must recognize the reality of these threats and take action to shield themselves from the pernicious reach of modern hackers.
