Last year, security researchers detected twice as many cases of corporate access being sold on the dark web by initial access brokers (IABs) as in the previous 12 months, and the number of brokers also surged.
Group-IB found 2,348 instances of IAB sales activity between the first half of 2021 and the first half of 2022. The number of countries with victim organizations also rose, by 41% over the period to a total of 96.
U.S. companies were most frequently targeted, while manufacturing (5.8%), financial services (5.1%), real estate (4.6%), and education (4.2%) were the most frequently targeted sectors.
According to Group-IB's report, Tech Crime Trends 2022/2023, compromised RDP (36%) and VPN (37%) accounts were the access types most commonly offered by IABs.
The number of brokers also increased from 262 to 380 during this period and the price of IAB access dropped by 50% to $2800. This resulted in a slight reduction in the size of the IAB market worldwide, down 8.5% to $6.7 million.
Group-IB also found that the IAB market is saturated with logs captured by information-stealing malware. It recently discovered over 96 million logs for sale, including 400,000 of the highly popular single sign-on (SSO) logs that the threat actors behind the Uber breach bought for just $20.
Group-IB CEO Dmitry Volkov warns that these services are spreading cybercrime to people with limited technical skills.
“As remote work and SSO services became more prevalent, instances of corporate network accesses became more frequent in stealer logs. There will be one,” he warned.
“There is no silver bullet to such attacks. It highlights the need to improve cybersecurity at all layers, including monitoring the cybercriminal underground for offers to sell their networks.”
Ransomware attackers increased the number of victims last year, thanks in part to the thriving IAB market.
During the reporting period, 2886 companies had sensitive data published on ransomware leak sites, up 22% year-on-year. However, there may be more victims who are not listed on such sites because they paid quickly.