Threat actors can purchase this access and use it to deploy ransomware or steal sensitive data or financial resources.


Monitoring IAB forums can provide early warning that malicious actors have compromised devices. IABs never list the exact company name but generally provide enough detail that if your organization is a victim, there is a reasonable chance you can identify it.

IABs are also deliberately seeking out stealer logs to gain access to IT infrastructure. An IAB may purchase an infected device for $10 from Russian Market, use the credentials to gain access, escalate privileges, then list the access for sale on Exploit.in with bids starting at $20,000.

Screenshot of an IAB seeking to purchase stealer logs on Exploit.in

Ransomware Extortion and Data Breach Pages

Ransomware isn't what it used to be. Ransomware groups are becoming decentralized, with many groups providing the source code for ransomware and handing the work of infecting companies off to affiliates for a cut of the ransom payment. In addition, the ubiquity of backup and recovery solutions has caused many groups to ditch encryption entirely and instead focus on data exfiltration tactics involving data theft and disclosure, targeting individual employees, or targeting third parties of the victim organization.

Another disturbing trend in the cybercriminal underground is ransomware extortion and data breach blogs. Threat actors use these blogs to publicly shame and extort victims by threatening to leak sensitive data if they do not pay ransom. This tactic has proven to be highly effective, as organizations fear the potential legal and reputational consequences that could arise from a data breach.

