New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations.
There’s plenty of fodder in tech news about the use of IABs and their role in cyber attacks. But rarely do we get to see a more comprehensive analysis of just how much growth there has been in both the number of brokers and the number of posts offering credentials for sale. In Group-IB’s recently released Hi-Tech Crime Trends 2022/2023 report, we get not only high-level numbers, but a deeper dive into what kinds of credentials are being sold and for how much.
According to the report, the number of ads posted selling corporate access more than doubled from H1 2021 to H1 2022 (the timespan covered in the report), rising from 1,099 posts to 2,348 posts. The report also noted a growth of 327 new IAB sellers in that same period, resulting in approximately 380 total brokers. Other notable details included:
- Manufacturing, Financial Services, Real Estate, and Education topped the list of most targeted industries
- The top 3 types of access sold were VPN, RDP, and Citrix
- The top 3 privilege levels of access sold were Local Admin, Domain Admin, and standard user
These accounts are used not just to provide access to a victim network. Depending on the type of attack, they can also be used to further the attack by phishing employees within the company, phishing partner organizations for purposes of island hopping or digital fraud, intercepting email communications for BEC attacks, and more.
While you can’t use the credentials obtained by IABs, you can use new-school security awareness training to stop both the capturing of credentials via social engineering and phishing attacks and any impersonation attack leveraging the initially compromised account.