Access-as-a-Service – Remote Access Markets in the Cybercrime Underground

Raveed Laeb, Product Manager

Remote Access Markets are automated stores that allow attackers to exchange access credentials to compromised websites and services. As such, they represent an endless stream of opportunities for attackers; buying access to an organization as a service lowers the skill bar for further exploitation and exposes organizations to a plethora of online threats – from ransomware to card skimming.

This blog will review one prominent Remote Access Market out of the several tracked and monitored by KELA – MagBo. This store is unique in a few different aspects, but mostly in its volume of goods: over two years of operations, it featured access to nearly 150,000 compromised websites – including financial institutions, government organizations and critical infrastructure around the world – mostly via selling access to web shell malware deployed on their servers. KELA advocates that gaining visibility into MagBo, as well as other Remote Access Markets, is a crucial intelligence feed for defenders.

The Duties Beyond Assisting the Public: Darknet Threats Against Canadian Health & Support Organizations

Noy Reuveni, Threat Intelligence Team Leader

As if a global pandemic crisis isn’t enough, organizations focused on the health and support of citizens have been forced to combat not only a widespread virus (and the public needs that come with it), but also threats coming at them from the underground world. As the pandemic continues to affect all types of organizations worldwide, both private and government-affiliated, KELA’s Cyber Intelligence Center took a look into various assets pertaining to Canadian health and support organizations to assess how their attack surfaces may be affected. This blog post will highlight just a couple of darknet findings that our team has detected, which exemplify how threat actors are targeting these types of organizations in Canada.