New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors.
The rise of the initial access broker (IAB) over the last two years has been a case study in a service meeting the demands of a market. Think about the rise of ransomware-as-a-service (RaaS) over the last few years putting world-class malware into the hands of literally anyone – including those with no cyber skills. So, if you’re a young newbie who wants to get into the ransomware game, you still need to have access to a victim network, right?
Enter in IABs.
These folks sell access for anywhere from $10 to $10,000 and, according to IBM Security’s latest X-Force Threat Intelligence Index report, it appears that this is a prevalent business model for ransomware threat actors.
According to the report:
- 41% of incidents started with a phishing or spear phishing attack
- Deployment of backdoors was the top action objective at 21% of incidents
- Extortion was leading impact of attacks at 27% of incidents
These actions topping the list help to paint the picture that IABs use phishing and/or spear phishing to deploy backdoors, establishing persistent access to the victim network. Then ransomware affiliates purchase the access, set their newly-purchased ransomware free within the victim network and reap the rewards of their efforts.
This business model isn’t going anywhere, as it allows each of the players in the cybercrime ecosystem to focus on just the part they’re really good at. And because phishing is the primary driver of success here, it’s also the point at which your organization needs to put the most emphasis on. This includes a layered preventative solution-based approach, as well as Security Awareness Training for your users to ensure that anything that gets by your security solutions doesn’t stand a chance against your cyber-educated users.