How to Fight the Growing Threat of Access Brokers

Today’s cybercriminals are more intelligent, better organized, and more institutionalized. They are not hobbyists seeking knowledge or thrills; they are motivated by the illicit profits possible in online crime.

Nothing makes this more evident than the rise of access brokers. Access brokers are criminals that sell access privileges to a company’s systems, applications, and networks – as a service to other criminals. Access brokers obtain user credentials through various means, including credential stuffing, purchasing stolen user credentials, or using phishing to trick users into disclosing their credentials.

The most common customers for access brokers are ransomware operators. Once these criminals gain an initial access point into a company, they cleverly “land and expand,” escalating their privileges by gaining access to accounts with higher privileges, either by finding credentials for them or resetting existing credentials. Once on the network with privileged access, they can wreak havoc by stealing and leaking data to the public, encrypting data (making it inaccessible), and shutting down systems.

Perpetrators of ransomware have one aim: to extort money from victims. It's one of the most prolific criminal business models today, thanks to the multimillion-dollar ransoms criminals demand from individuals and corporations. These demands are straightforward: pay the ransom or have your operations severely compromised or shut down completely.

How significant is the ransomware problem?

It’s big! Between 2018 and 2023, ransomware attacks cost billions of dollars:

·       US healthcare organizations $7.8B

·       US schools and colleges $3.5B

·       US government organizations $70B

·       US businesses $20.9Bn

What Can You Do to Block Stolen Credentials Sold by Access Brokers?

It can be hard to detect and prevent when criminals use ill-gotten but legitimate user credentials. Typical approaches to this problem include identity proofing to validate that the person is whom they claim to be or multi-factor authentication (MFA), which requires the user to enter an additional credential. While these approaches are practical, they have two downsides:

1. They introduce friction to the user login process
2. They can be bypassed by sophisticated cyber criminals

Bottom line: trusting credentials, even document-proofed ones, is not enough.

3 Ways Verosint Signal-Based Identity Assurance Improves Account Security

That’s where Verosint’s signal-based identity assurance comes in.

Here are three ways that Verosint can enhance the process of identity proofing and multi-factor authentication to ensure that only legitimate users can access your online systems and applications:

1. Assess Risk in Real-Time: The Verosint platform assesses risk signals and orchestrates workflows accordingly, granting legitimate users a smooth, low-friction transaction path. In contrast, Verosint helps to challenge or block suspicious users automatically  to prevent criminal activity.
2. Take an Adaptive Approach: Verosint can complement both identity proofing and MFA solutions to provide adaptive, risk-based identity proofing and MFA. This combined approach verifies that users are who they say they are – both upfront and on an ongoing basis – and invokes proofing or MFA only when the detected risk is high.
3. Validate and Verify User Proofing: One of the most compelling features of adaptive, risk-based identity proofing and MFA is “verified SignalPrints,” which essentially increase the life of the proofing event by recognizing users that have already been proofed. Verified SignalPrints assure organizations the assurance that they are dealing with a legitimate customer, dynamically eliminating the need for proofing each time a customer returns to the website.”

Learn more about Verosint and Adaptive Identity Proofing and Adaptive Authentication to understand what’s possible and how you can employ a more risk-based approach to stopping criminals in their tracks.