Initial Access Brokers Target $2bn Revenue Companies

Summary: Initial access brokers (IABs) are increasingly targeting large organizations, particularly in the US and business services sector, with a notable rise in listings for high-revenue companies. Despite the growing demand for access to these organizations, the prices for IAB listings have significantly decreased, indicating a shift towards a more commoditized market.

Threat Actor: Initial Access Brokers (IABs)
Victim: Large Organizations

Key Points:

  • 27% of initial access listings in 2023 targeted organizations with over $1 billion in revenue, increasing to 33% in H1 2024.
  • The average revenue of targeted organizations in H1 2024 was nearly $2 billion, reflecting a significant increase in interest from IABs.
  • US organizations were the most targeted, accounting for 48% of attacks, with business services being the most affected sector at 29%.
  • Despite the focus on high-value targets, the average price for IAB listings fell from $3066 in 2023 to $1295 in 2024, a 60% decrease.
  • In 2024, VPN access became a leading method for initial access, competing closely with Remote Desktop Protocol (RDP) access.

Initial access brokers (IABs) are increasingly going after large organizations with billion-dollar revenues, especially US victims and organizations working in the business services sector, according to new research from Cyberint.

The threat intelligence company analyzed its data from the past year-and-a-half to reveal that organizations with over $1bn in revenue made up 27% of all initial access listings for sale last year, rising to 33% in the first half of 2024.

In H1 2024, targets had an average revenue of nearly $2bn, the report claimed.

“As a result, the largest organizations became more sought-after targets for access brokers, largely because of the increased income from the higher price they will demand,” it explained.

“Not surprisingly, we see this trend of targeting large scale organizations took place in 2024, with an average revenue of $1,961,335,406.50, which indicates an approximately 1000% increase.”


Much of this money was generated by attacks on US organizations (48%) – the most targeted country – and business services (29%) – the most targeted sector. Finance (21%), retail (19%), technology (17%) and manufacturing (14%) were also popular targets, as were France (19%) and Brazil (9%).

Yet despite the targeting of high-value organizations, the actual price of IAB listings fell in 2024, indicating the increasingly commoditized nature of the market.

In 2023, the average price for a listing was $3066, while the median price was $1500. However, 65% of listings last year were priced under $2000, and 77% were under $3000. In 2024, the average price dropped again to $1295 – around a 60% decrease.

“There are three primary types of IABs driving most ransomware attacks today. In 2023, those offering servers compromised through exposed Remote Desktop Protocol (RDP) were the most common (>60%). However, in 2024, VPN access surged, challenging RDP access for the top spot (45% VPN vs. 41% RDP),” the report explained.

Webshells were the third most common access type in 2023, Cyberint added.

Source: https://www.infosecurity-magazine.com/news/initial-access-brokers-2bn-revenue