Organizations are at growing risk from Initial Access Brokers
Digital Shadows highlighted the growing role of Initial Access Brokers within the criminal ecosystem within its Initial Access Brokers Report. Rather than infiltrating an organization deeply, this type of threat actor operates as a ‘middleman’ by breaching as many companies as possible and goes on to sell access to the highest bidder – often to ransomware groups. Their method of operating is flourishing during the pandemic as employees increasingly log in to systems remotely. Cybercriminals are exploiting this by scanning at scale for vulnerabilities which allow remote access such as in virtual private networks (VPNs) and selling this on.
Digital Shadows has been studying this class of criminal since 2016, however in the last year it has detected a notable increase in their activity and listings. Many criminal marketplaces have reorganized to bring such advertisements into dedicated sections and currently number some 500 in a snapshot that Digital Shadows has taken of the most popular forums. Many sellers have good feedback from other criminals, indicating their claims are genuine.