Initial access brokers (or IABs) are cyber threat actors who specialize in gaining unauthorized access to computer networks and systems and then selling that access to other threat actors such as ransomware. IABs are parts of ransomware as a service economy, also called "cybercrime as a service economy".[1] [2]
IABs use a variety of methods to gain initial access, including exploiting vulnerabilities in remote access services like RDP and VPNs, bruteforcing login credentials, and leveraging malware that steals account information. Access are often sold on auctions in underground criminal forums or directly provided to ransomware affiliate groups to expedite attacks.[3]
IABs seek access to virtual private networks, remote desktop protocol, Web applications, and email servers. Email services will be used to commit spear phishing and business email compromise (BEC).[4]
In 2020, the average price for a network access is $5,400. The median price is $1,000.
By providing initial access, IABs allow other cyber criminals like ransomware groups to more quickly infiltrate networks and launch attacks without wasting time to gain entry themselves. This access as a service model - in analogy to the software as a service model - provides scalability and efficiency to cybercriminal operations. Ransomware in particular has benefited from collaboration with IABs.[5]