New details have emerged on the activity of the infamous Fxmsp hacker that last year was advertising access to the networks of three cybersecurity vendors. Researchers tracking Fxmsp’s ventures on underground forums counted the network intrusions associated with this actor and revealed the presumed identity of the attacker.
Researchers at Group-IB examined Fxmsp’s exposure in the public areas of the forums where they were advertising their business, assessing that the actor breached networks of at least 135 companies in 44 countries. Among the targets are small and medium-sized enterprises (SME), government organizations, banks, and Fortune 500 companies. Group-IB’s conservative estimate is that in 3+ years (since 2016) Fxmsp made at least $1.5 million from selling network access.
The staggering amount of money that the Fxmsp hacker made selling access to corporate networks speaks to the problem that security professionals are fighting against; Namely the incredible amount of money involved. That the corporate networks in question were compromised in the first place speaks to highlights the massively benefits of access control, and how access control protects organizations and individuals Information Assets, including customer data, employee PII data, financial data, health related data. All these data types also have regulatory and compliance requirements that need to be met. Access Control mechanisms including multi-factor authentication support with both from a compliance and risk perspective.