KELA Expands Intel Resources by Monitoring Remote Access Markets in Dark Net

To assist its partners in detecting any threats directly targeting them, the Israeli company's Cyber Intelligence Center has recently begun automatically gathering information from stores offering access to compromised servers and websites

Photo: Bigstock

As servitization of the underground world continues to thrive, Israel's KELA Targeted Cyber Intelligence, a global Dark Net threat intelligence provider, announced on May 14 the addition of a new information source type to their technologies – Remote Access Markets.
 
As a core commitment to all partners, a team of dedicated analysts from KELA are continually following underground trends in order to understand shifts in the ever-changing threat landscape. As part of this service, KELA's Cyber Intelligence Center has recently begun automatically gathering information from stores offering access to compromised servers and websites, among them, MagBo, which initially hit the headlines in 2018 but resurfaced again on May 14.
 
Raveed Laeb, product manager at KELA, explained the significance and relevancy of beginning to monitor this and other similar markets. "The trend of easily purchasing services from the Dark Net isn't very new, we've seen it with malware-as-a-service markets, such as the Genesis Marketplace, and we're seeing it apply to other areas, such as with remote access markets, introducing access-as-a-service," Laeb said following the release of KELA's recent report on Remote Access Markets.
 
"MagBo is an invite-only automated market for diverse products specializing in Remote Access credentials, and specifically in web shells. Our mission is to assist our partners in detecting any threats directly targeting them, which is why we began gathering intelligence from these markets. Now, we're able to automatically monitor compromised servers and websites; combining that with assistance from our intelligence analysts, we can help our partners remediate these types of threats in real time."
 
According to KELA's report, since its launch, MagBo has managed to accumulate nearly 150,000 compromised websites – including those belonging to financial institutions, government organizations and critical infrastructure around the world – mostly via selling access to web shell malware deployed on their servers. KELA said that gaining visibility into MagBo, as well as other Remote Access Markets, is a crucial intelligence feed for defenders.
 
KELA's recent report, Access-as-a-Service – Remote Access Markets in the Cybercrime Underground addresses several key points: rise and development of access-as-a-service ; breakdown of the MagBo marketplace – its products, scale, advantages, and more; what enterprises and law enforcement agencies gain from these markets; and what defenders can and should do to deter attacks that result from leveraging information on these markets.
 

You might be interested also