Initial access broker

Hacker selling access to hacked computers

Initial access brokers (or IABs) are cyber threat actors who specialize in gaining unauthorized access to computer networks and systems and then selling that access to other threat actors, such as ransomware groups. IABs are part of the ransomware as a service economy, also called the "cybercrime as a service economy".[1][2]

Description

IABs use a variety of methods to gain initial access, including exploiting vulnerabilities in remote access services like RDP and VPNs, brute-forcing login credentials, and leveraging malware that steals account information. Access is often sold at auction on underground criminal forums or provided directly to ransomware affiliate groups to expedite attacks.[3][4]

IABs seek access to virtual private networks, Remote Desktop Protocol services, web applications, and email servers. Email services are used to commit spear phishing and business email compromise (BEC).[5]

In 2020, the average price for network access was $5,400, and the median price was $1,000.[1]

By providing initial access, IABs allow other cybercriminals, such as ransomware groups, to infiltrate networks and launch attacks more quickly, without spending time gaining entry themselves. This "access as a service" model, by analogy with the software as a service model, provides scalability and efficiency to cybercriminal operations. Ransomware in particular has benefited from collaboration with IABs.[3]

References

  1. David, Efrat (2021-08-02). "All Access Pass: Five Trends with Initial Access Brokers". KELA Cyber Threat Intelligence. Retrieved 2024-01-15.
  2. "Actions to Take to Defeat Initial Access Brokers". www.darkreading.com. Retrieved 2024-02-06.
  3. "Initial Access Brokers How They're Changing Cybercrime". CIS. Retrieved 2024-01-15.
  4. "The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums". BleepingComputer. Retrieved 2024-02-06.
  5. "Actions to Take to Defeat Initial Access Brokers". www.darkreading.com. Retrieved 2024-02-06.

See also

  • BlackCat (cyber gang)
  • Clop (cyber gang)
  • Conti (ransomware)
  • Dridex
  • Royal (cyber gang)