In accordance with a new report, hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling enterprise attacks.
The findings come from the Israeli cyber-intelligence firm KELA, which published its Q3 2022 ransomware report, which showed stable activity in the initial access sales sector but a significant increase in the value of the offerings.
Despite the fact that the number of network access sales remained roughly the same as in the previous two quarters, the total requested price has now reached $4,000,000.
In comparison, the total value of initial access listings in Q2 2022 was $660,000, a decrease that coincided with the summer ransomware hiatus, which hampered demand.
The Rise of Ransomware
IABs are hackers who sell access to corporate networks, typically through credential theft, webshells, or exploiting vulnerabilities in publicly exposed hardware.
After gaining access to the network, threat actors sell it to other hackers, who use it to steal valuable data, deploy ransomware, or engage in other malicious activity.
The reasons IABs do not use network access vary, from a lack of diverse intrusion skills to a preference not to risk increased legal trouble.
IABs continue to play an important role in the ransomware infection chain, despite the fact that they were sidelined last year when large ransomware gangs that operated as crime syndicates had their own IAB departments.
KELA analysts observed 110 threat actors posting 576 initial access offerings totaling $4,000,000 in the third quarter of 2022. The average selling price of these listings was $2,800, with a record median selling price of $1,350. KELA also witnessed a single access being offered for sale at the exorbitant price of $3,000,000. However, due to concerns about its authenticity, this listing was not included in the Q3 '22 stats and totals.
In Q3 2022, the top three IABs ran a large-scale business, selling between 40 and 100 accesses. According to hacking forum discussions and marketplace listing removal events, the average time to sell corporate access was only 1.6 days, while the majority were of RDP and VPN types.
The United States was the most targeted country this quarter, accounting for 30.4% of all IAB offerings. This figure is comparable to the 39.1% share of ransomware attacks targeting US businesses in the third quarter.
Professional services, manufacturing, and technology led the targeted sectors with 13.4%, 10.8%, and 9.4%, respectively. Ransomware attacks are ranked similarly, emphasizing the link between the two.
Because initial access brokers have become an essential component of the ransomware attack chain, protecting your network from intrusion is critical. To prevent the theft of corporate credentials, remote access servers should be placed behind VPNs, access to publicly exposed devices should be restricted, MFA should be enabled, and phishing training should be conducted.
