A new Digital Shadows report reveals Initial Access Brokers (IABs) have consolidated their role in the cybercriminal landscape and have now become a central figure in the Ransomware-as-a-Service business model. 

At the end of Q1, Digital Shadows had analyzed over 200 new listings and provided a detailed examination of the data observed in dark web criminal forums, noticing an upward trend compared to 2020. Digital Shadows researchers are continuing to monitor these criminal actors to extract valuable insights into the victimology, the modus operandi, and the functioning of this complex environment. 

In their Q2 IAB review, researchers analyzed the data gathered over the second quarter of 2021 and comprehend them in the context of the most recent developments in the ransomware landscape. The market  for IABs listings hasn’t decreased at all in the past three months. On the contrary, in Q2, Digital Shadows collected over 250 accesses, an increase from the first quarter of 2021, listed for an average of $2,578 per access (a slightly higher number than the last quarter, which was $1,923). 

As observed in previous reports, North America and Europe have remained the most targeted regions by these actors, with a combined 70% of the total listings observed in Q2. While victims in North America were mostly based in the United States, the European targets were evenly spread out among several countries. The most targeted European country in Q2 was France, soon followed by the United Kingdom, Italy, and Germany.

Companies based in North America were also the most financially rewarding for IABs, with an average cost of $3,114 per access. Asian organizations soon followed with an average of $2,824, along with the Middle East ($2,523) and Europe ($2,044). On the other hand, listings were particularly cheap in Australasia ($600) and South America ($474). 

No specific vertical emerged as heavily targeted, hinting at these cybercriminals’ indiscriminate nature. Initial Access Brokers often go for the “low-hanging fruit” in the security landscape to optimize their chances of gaining access. Therefore, the landscape of the industries being targeted the most by Initial Access Brokers in Q2 was evenly distributed. Digital Shadows, however, did observe the Financial Services industry overtake the Energy, Oil, and Gas sector as the most expensive within IABs’ listings in Q2. On average, an access to an organization operating in the Financial Services sector amounted to $5,518 per access – more than $3,000 more per access, compared to our Q1 data. Another impressive bit of data comes from the Retail sector, where the average price of a single access skyrocketed to $4,404 after an average price of $558 in the first quarter of 2021.

The analysis provided further insights into this cybercriminal category’s evolving landscape, Digital Shadows researchers say. Constantly observing how the IABs environment evolves over time is key to understanding trends and patterns in this malicious activity, along with offering precious insights into how ransomware actors behave over time.