Initial access brokers (or IABs) are cyber threat actors who specialize in gaining unauthorized access to computer networks and systems and then selling that access to other threat actors such as ransomware groups. IABs are part of the ransomware as a service economy, also called the "cybercrime as a service economy".


Description

IABs use a variety of methods to gain initial access, including exploiting vulnerabilities in remote access services like RDP and VPNs, brute-forcing login credentials, and leveraging malware that steals account information. Access is often sold at auctions in underground criminal forums or provided directly to ransomware affiliate groups to expedite attacks. IABs seek access to virtual private networks, remote desktop protocol, Web applications, and email servers. Email services are used to commit spear phishing and business email compromise (BEC). In 2020, the average price for network access was $5,400. The median price was $1,000. By providing initial access, IABs allow other cyber criminals like ransomware groups to infiltrate networks and launch attacks more quickly, without spending time gaining entry themselves. This access as a service model, by analogy with the software as a service model, provides scalability and efficiency to cybercriminal operations. Ransomware in particular has benefited from collaboration with IABs.


See also

* BlackCat (cyber gang)
* Clop (cyber gang)
* Conti (ransomware)
* Dridex
* Royal (cyber gang)