Initial access brokers (IABs) are selling enterprise network access on the dark web, primarily through underground marketplaces, which poses a significant cybersecurity threat. Law enforcement efforts are disrupting these forums, but the cybercriminal underground continues to adapt and operate despite such actions. #Rapid7 #BreachForums
Key points
- IABs sell initial access vectors (IAVs) like VPNs, RDP, and Domain User accounts on dark web marketplaces.
- Most IAV sales offer multiple access methods, with VPNs and domain accounts being the most common.
- Law enforcement actions have disrupted major forums like XSS and BreachForums, but these sites attempt to bounce back.
- Pricing for access varies, often based on the perceived value of the victim, but does not necessarily correlate with the target’s reach or revenue.
- The cybercriminal ecosystem remains dynamic, requiring increased law enforcement efforts to dismantle access broker operations effectively.