Flare, the premier Continuous Threat Exposure Management (CTEM) solutions provider, has published a new report examining the cyber threat landscape created by initial access brokers (IABs) on Russian-language hacking forums, with a particular focus on threats to NATO nations.
IABs have rapidly emerged as notable contributors to the cybercrime ecosystem. They specialise in gaining covert access to systems, using techniques such as spear-phishing, exploiting unaddressed vulnerabilities, and using leaked or stolen credentials, primarily to establish persistent access within these environments.
The recently released report is based on Flare's analysis of numerous IAB posts on these hacking forums. The study highlights recent operations underway in 21 of the 31 NATO countries, underlining the broad reach and continuing threat that IABs pose to both national security and economic stability.
The report identifies a clear pattern: a consistent preference among these actors for targeting critical infrastructure sectors within NATO member states. The strategic value of these sectors lets IABs command higher prices in the cybercrime market. The anonymous character of IAB posts, coupled with deliberate efforts by these threat actors to hide identifying details, makes it harder to identify potential victims.
A concerning trend identified by the analysis is the increasing incidence of targeted cyberattacks on the US defence sector, along with a corresponding rise in the asking price for access to US defence contractors. This pattern reflects the premium placed on these targets and implies that the threat actors recognise the far-reaching impact of infiltrating defence-related systems.
Flare’s VP Marketing, Eric Clay, commented on the changing cyber landscape. "Geopolitics are no longer isolated from cybercrime," Clay stated. "As global tensions have increased we’ve seen a spillover where nation-states may directly leverage cybercrime groups to further their aims."
To illustrate the threat IABs pose to entities in NATO member states, Flare's report offers a snapshot of recent IAB sales from the Exploit forum. The transactions, largely occurring in 21 NATO countries during 2023-2024, barely scratch the surface of the total volume of IAB listings.
The publication of this report by Flare underscores the significant implications of IABs gaining illegal access to the sensitive information of NATO member states. The report offers a detailed analysis of the potential threats and their ramifications on the geopolitical stage.