Since Digital Shadows published its first report last year, Initial Access Brokers: An Excess of Access, the company has continued to closely monitor the IAB criminal category. Where it tracked roughly 500 IAB listings in all of 2020, already in 2021 it has found some 200 new listings published by IABs in cybercriminal forums and other dark web sources in just Q1.

IABs have continued to actively operate in underground criminal forums and provide third-party threat actors with continuous access to vulnerable organizations’ networks. Key findings from this quarterly report include:

  • European companies were the most targeted by IABs so far in 2021, comprising 45% of victim listings in cybercriminal forums.  
  • North American companies were the second most targeted by Initial Access Brokers in 2021, comprising 29% of victim listings in cybercriminal forums— Photon Research
  • The average price of IAB listings also dropped by 73% from $7100 to $1923 per access in Q1 of 2021, assumingly from increased supply.
  • 75% of listings offering access through compromised Remote Desktop Protocol (RDP). RDPs confirmed their role as a primary choice for Initial Access Brokers to exploit unsecured channels.

This quarterly report highlighted a lowered average cost for the accesses being sold by these cybercriminals and a strong focus on RDPs. Whether this data will remain constant in Q2 or whether internal or external factors will affect their environment remains to be seen, researchers at Digital Shadows researchers say. This quarterly analysis of IABs’ listings additionally provided further insights into this cybercriminal category’s evolving landscape. Looking ahead, one of the most intriguing aspects of this phenomenon relates to the price and the variety of access types being used by IABs over the coming months. 

Monitoring its evolution over time and IABs’ preferred techniques can significantly help security professionals prioritize their efforts to reduce their attack surface and digital exposure, says Digital Shadows. The wide variety of industries and countries targeted means that any company is at risk of being targeted by these cybercriminals. Additionally, IABs tend to pick their victims based on opportunistic calculations. This means that making yourself a difficult target for the least sophisticated actors is one of the best defense strategies against these cybercriminals.

If interested in specific mitigations for several access types, feel free to download Digital Shadows's free Initial Access Brokers research report.