According to a report by Group-IB, Hi-Tech Crime Trends 2022/2023, the number of instances of corporate access being sold on the dark web by Initial Access Brokers (IABs) has doubled in the past year, with 2348 cases detected between H2 2021 and H1 2022.
The number of IABs operating in this space has also increased.
Some stats your way
IABs primarily targeted U.S. companies, with manufacturing (5.8%), financial services (5.1%), real estate (4.6%), and education (4.2%) sectors being the most affected.
The most common types of access offered by IABs were compromised VPN (37%) and RDP (36%) accounts.
The number of IABs operating in this space also increased, driving the price of IAB access down to $2,800.
The IAB market was found to be increasingly saturated with logs obtained by information-stealing malware, with over 96 million logs available for sale.
About 400,000 of those were highly sought-after Single Sign-On (SSO) logs that could be purchased for as little as $20.
Why this matters
As remote work and Single Sign-On (SSO) services become more widespread, access to corporate networks is increasingly being offered in stealer logs.
This trend is expected to continue, with attacks on companies through their employees becoming a primary method of infecting networks.
Additionally, the availability of corporate access being sold on the dark web by IABs is making it easier for individuals with limited technical skills to engage in cybercrime.
This democratization of cybercrime allows a larger number of people to carry out cyberattacks, making it more difficult for companies and organizations to protect themselves from these threats.
The bottom line
The above statistics highlight how important it is for organizations to adopt a comprehensive approach to cybersecurity, which includes:
training employees to recognize and respond to social engineering attempts,
enhancing detection and response capabilities to quickly identify and respond to cyber threats, and
monitoring the cybercriminal underground for compromised employee records and offers to sell access to their networks.
By taking these measures, companies are better equipped to protect themselves against potential cyber threats and minimize the risk of a data breach or unauthorized access to their networks.