Source: Threat Research
Source Reliability: Trustworthy
Information Reliability: Plausible
Motivation: Cyber Crime
Source Category: Darknet
Severity: Low
Summary
Threat Research Report: Uncovering the Activities and Tactics of Threat Actor ‘Big-Bro’
In our latest report, Threat Research delves into the operations of a skilled and elusive adversary known as ‘Big-Bro,’ who poses a significant threat to organizations worldwide. This threat actor operates as an Initial Access Broker (IAB), specializing in selling access to compromised organizations to other cybercriminals.
Monitoring the activities of ‘Big-Bro’ closely, we have identified their preferred targets, which include organizations utilizing popular VPN services such as Ivanti Pulse Connect Secure, Citrix NetScaler Gateway, and Cisco AnyConnect VPN, among others. By exploiting vulnerabilities in these services, ‘Big-Bro’ gains illicit access to a wide range of organizations across sectors and geographies.
To carry out their illicit activities, ‘Big-Bro’ leverages the Russian-language cybercrime forum, ‘Exploit,’ as their primary platform. However, they engage in private communications using the ‘Tox’ instant messaging platform, ensuring a higher level of privacy and security. Additionally, ‘Big-Bro’ capitalizes on the visibility provided by other forums such as RAMP and XSS by advertising their services, thus maximizing their potential sales.
One notable aspect of ‘Big-Bro’s tactics is their use of stealer logs to harvest credentials. This approach implies that victim organizations are not specifically targeted but rather opportunistically exploited. By gathering these credentials, ‘Big-Bro’ resells the resulting compromised access to interested parties. Remarkably, the prices charged for this illicit access range from relatively low figures of USD 300 to USD 5,000, with an average price of just USD 1,270. This indicates that ‘Big-Bro’ employs a flexible pricing strategy based on the perceived value of the targeted entities.
The impact of ‘Big-Bro’s activities is noteworthy due to the wide range of sectors and geographies affected. This broad targeting approach suggests that the threat actor prioritizes quantity and volume in their operations. Consequently, organizations of all types must be vigilant against potential breaches and take the necessary precautions to secure their networks and systems.
In light of these findings, we recommend several measures to mitigate the risk posed by ‘Big-Bro’ and similar threat actors. Firstly, organizations must ensure that their VPN services are up to date, regularly patching any vulnerabilities. It is crucial to keep an eye on advisories and security alerts issued by the service providers. Secondly, implementing multi-factor authentication can significantly enhance security, adding an extra layer of protection against compromised credentials. Thirdly, organizations should closely monitor their network traffic and implement behavioral analysis techniques to identify any suspicious activities.
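The third recommendation, behavioral monitoring of VPN authentications, is illustrated below with an added example that is not part of the original report. Credentials harvested from stealer logs are replayed from infrastructure the legitimate user has never used, so the check baselines each user's MFA-backed logins and flags successes from an unfamiliar country or IP, or without MFA. The event schema and sample records are constructed for the example and are not any vendor's log format.

```python
from collections import defaultdict

# Constructed sample events in arrival order; field names are assumptions, not a vendor schema.
SAMPLE_EVENTS = [
    {"user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "success", "mfa": True},
    {"user": "alice", "src_ip": "203.0.113.10", "country": "DE", "result": "success", "mfa": True},
    {"user": "alice", "src_ip": "198.51.100.7", "country": "DE", "result": "success", "mfa": True},
    {"user": "bob",   "src_ip": "192.0.2.44",   "country": "US", "result": "success", "mfa": True},
    {"user": "bob",   "src_ip": "192.0.2.44",   "country": "US", "result": "success", "mfa": True},
    {"user": "bob",   "src_ip": "192.0.2.44",   "country": "US", "result": "failure", "mfa": False},
    # Replay of a harvested credential: unfamiliar IP and country, password accepted, no MFA step.
    {"user": "bob",   "src_ip": "192.0.2.200",  "country": "RU", "result": "success", "mfa": False},
]


def find_suspicious_logins(events, min_history=2):
    """Return (event_index, user, reasons) for successful logins that deviate from the
    user's own history. A user needs min_history prior MFA-backed successes before a new
    country or IP is treated as anomalous, so onboarding does not flood the triage queue."""
    history = defaultdict(lambda: {"ips": set(), "countries": set(), "count": 0})
    findings = []
    for i, ev in enumerate(events):
        if ev["result"] != "success":
            continue  # failed attempts matter for spray detection, but are out of scope here
        h = history[ev["user"]]
        reasons = []
        if not ev["mfa"]:
            reasons.append("no_mfa")  # password alone accepted: the stolen-credential case
        if h["count"] >= min_history:
            if ev["country"] not in h["countries"]:
                reasons.append("new_country")
            elif ev["src_ip"] not in h["ips"]:
                reasons.append("new_ip")  # weaker signal: same country, unseen address
        if reasons:
            findings.append((i, ev["user"], reasons))
        # Only MFA-backed successes extend the baseline; an unverified login must not
        # teach the detector that the attacker's location is normal for this user.
        if ev["mfa"]:
            h["ips"].add(ev["src_ip"])
            h["countries"].add(ev["country"])
            h["count"] += 1
    return findings


if __name__ == "__main__":
    for idx, user, reasons in find_suspicious_logins(SAMPLE_EVENTS):
        print(f"event {idx}: user={user} reasons={','.join(reasons)}")
```

In production the baseline would persist across runs and be keyed on coarser attributes (ASN, device fingerprint) rather than raw IPs, but the ordering rule, never letting an unverified success extend the baseline, is the part that matters.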
Furthermore, collaboration between organizations and threat intelligence providers is key in combating adversaries like ‘Big-Bro.’ Sharing information about emerging threats and indicators of compromise can aid in proactively defending against potential breaches. By participating in information sharing initiatives and engaging in open dialogue, the collective defense against cyber threats can be strengthened.
In conclusion, ‘Big-Bro’ presents a significant threat to organizations worldwide, leveraging their proficiency in exploiting VPN service vulnerabilities. However, by understanding their tactics and taking appropriate measures, organizations can fortify their defenses and mitigate the risk posed by this and similar threat actors. Stay vigilant, keep systems updated, and foster collaboration to safeguard against evolving cyber threats.