Attackers typically need only 224 seconds to gain control of a corporate network and hand it over to the next group of attackers, compared to an average of eight hours previously. Attack speed has increased as Initial Access Brokers and associated groups continue to automate their operations. This trend is highlighted in the annual M-Trends 2021 report by Mandiant Intelligence, the incident response division of Google Cloud. Experts analyzed more than 500,000 hours of incident response data. The data suggests that manual defense at this pace has only minimal chances of success. Initial Access Brokers and ransomware members are involved. Initial Access Brokers (IABs) offer network access obtained from other parties for sale. These accesses are enabled through stolen VPN credentials, compromised Citrix or Fortinet sessions, compromised RDP servers, or exploits in Confluence, Exchange, and Edge routers. Price lists can be found on various forums tailored to the victim’s industry, income, and specific circumstances.
ComputerWeekly.de