Initial access brokers (IABs) are increasingly focusing their efforts on large organizations with billion-dollar revenues, according to new research from Cyberint. The analysis of data from the past year and a half reveals a significant trend: companies with over $1 billion in revenue accounted for 27% of all initial access listings for sale in 2023. This figure rose dramatically to 33% in the first half of 2024. The study highlights that the average revenue of targeted organizations in the first half of 2024 was nearly $2 billion, marking an approximately 1000% increase compared to previous periods.
The growing interest in high-revenue firms by IABs is largely attributed to the potential for higher financial gains. These organizations, with their extensive resources and valuable data, represent lucrative opportunities for brokers looking to exploit their vulnerabilities. The increase in targeted high-revenue firms reflects the brokers’ strategy to capitalize on the significant financial returns that such large-scale organizations can offer.
Despite this growing trend, the price of initial access listings has seen a substantial decrease. In 2023, the average price for a listing was $3,066, with the median price at $1,500. However, by 2024, the average price for these listings had dropped to $1,295, representing a roughly 60% decrease. This decline in listing prices suggests a commoditization of the market, where access to high-revenue targets is becoming increasingly available and competitive among brokers.
The report also notes a shift in the methods used by IABs to gain access to these organizations. While compromised Remote Desktop Protocol (RDP) servers were the most common access method in 2023, the trend has shifted in 2024 with VPN access now challenging RDP for dominance. VPN access accounted for 45% of listings, compared to 41% for RDP. Webshells were the third most common access type in 2023. This evolution in access methods highlights the need for organizations to adapt their security measures to protect against a broader range of attack vectors.