Security researchers found that initial access brokers (IABs) sold corporate access on the dark web in the last year, doubling the number in the last 12 months, and the number of brokers has also surged. bottom.
Group-IB found 2,348 instances of IAB sales activity between the second half of 2021 and the first half of 2022. The number of countries with victim organizations also increased, increasing by 41% over the period to a total of 96.
U.S. companies were most frequently targeted, while manufacturing (5.8%), financial services (5.1%), real estate (4.6%), and education (4.2%) were the most frequently targeted sectors. .
According to Group-IB’s report, compromised RDP (36%) and VPN (37%) accounts were most commonly offered by the IAB. Tech Crime Trends 2022/2023.
The number of brokers also increased from 262 to 380 during this period and the price of IAB access dropped by 50% to $2800. This resulted in a slight reduction in the size of his IAB market worldwide, down 8.5% to $6.7 million.
Group-IB also found that the IAB market is saturated with logs captured by information-stealing malware. He recently discovered over 96 million logs for sale, including 400,000 highly popular single sign-on (SSO) logs that the threat actors behind the Uber breach bought for just $20. rice field.
Group-IB CEO Dmitry Volkov warns that these services are spreading cybercrime to people with limited technical skills.
“As remote work and SSO services became more prevalent, instances of corporate network accesses became more frequent in stealer logs. There will be one,” he warned.
“There is no silver bullet against such attacks. It highlights the need to improve cybersecurity across all layers, including monitoring underground cybercriminals for the sale of their networks.”
Ransomware attackers increased the number of victims last year, thanks in part to the thriving IAB market.
2886 companies published sensitive data on ransomware leak sites during the reporting period, up 22% year-on-year. However, there may be more victims who are not listed on such sites because they paid quickly.
