Police officials demonstrate the encryption and decoding process of a ransomware at the offices of the Seoul Metropolitan Police Agency in central Seoul on June 15, 2021. (Yonhap)
SEOUL, June 7 (Korea Bizwire) — Hacker groups specializing in initial compromise during the process of ransomware distribution are rampant this year.
Sales activity of “initial access brokers,” who sell cybercriminals access to corporate networks, has more than doubled compared to the same period last year, industry sources said Tuesday.
These brokers gain access to corporate networks through phishing and exploiting security vulnerabilities. They then sell this access on web pages or forums that cannot be detected through search engines.
Mainly operating in countries like Russia, they trade access to corporate networks via virtual private network (VPN) or remote desktop protocol (RDP).
Some of these brokers even engage directly with security personnel. Worldwide, approximately 300 to 400 hacker groups were operating as of last year.
“In line with the market trend of providing initial compromise as a service, an ecosystem is being established where individuals can easily attempt penetration and attacks without professional knowledge and acquire financial benefits,” said Lee Ho-seok, an official at cybersecurity service provider SK shieldus Co.
Kevin Lee (kevinlee@koreabizwire.com)
