Initial access brokers (IABs) on the cybercriminal landscape were found selling access to 576 networks of numerous corporations worldwide, with a collective sales price of over $4 million. The researchers said that the cumulative sales price has soared despite the stagnant number of sales for corporate network access for the last two quarters.
The findings are based on 2022’s Q2 total value of initial corporate network access listings, with only $660,000. This record gives a wide gap between the current collective sales price for the 576 networks found being sold on the dark web in the present quarter.
The IABs selling corporate network access usually acquire their listings through hacking, credential theft, webshells, or abusing critical flaws in publicly exposed hardware.
The acquired corporate network access was then offered on underground forums for interested threat actors, which they utilise for other cyberattacks, such as ransomware deployment. IABs prefer not to take advantage of the access because they may lack the required high-level intrusion skills or avoid risks from law enforcement authorities.
Recent observations for the third quarter of this year revealed that about 110 threat actors had posted 576 initial corporate network access on the dark web, with a total cumulative selling amount of $4 million.
Researchers saw one of the highest-priced corporate network access listings with about $3,000,000 for a single access. This listing was not considered for the third quarter of 2022 because of its dubious authenticity.
Furthermore, the top IABs in the threat landscape have large-scale operations, with offers ranging from 40 to 100 accesses for sale for the third quarter. The average time for the IABs to sell these listings was less than two days.
The US is the most targeted country this quarter, with 30.4% of all listings from IABs. On the other hand, the most targeted sectors include tech, manufacturing, and professional services, which account for 13.4%, 10.8%, and 9.4% of the listings.
Experts highlight that the findings share a similar ranking with ransomware attacks, implying an integral connection between the two cybercriminal activities. Users must implement strong network security to protect their corporate networks from hackers.
