Security News > 2021 > February > They break into your network but do nothing themselves: 'Initial access brokers' resell stolen creds for $7k a pop

A growing category of cyber-crime consists of breaking into corporate networks and doing nothing else - except selling that illicit access to others for about $7,000 a go, says infosec biz Digital Shadows.

Research published today highlighted what the firm dubbed "Initial access brokers" in the delightful world of online criminality.

The infosec biz said it was tracking around 500 marketplaces where illicit access to breached networks is bought and sold.

"The dramatic increase in remote working coupled with ransomware's commercial success has been a perfect storm of opportunity for initial access brokers," said Rick Holland, CISO at Digital Shadows, in a canned statement.

The firm described what it said was a "Notable increase" in the number of stolen-creds-for-sale postings, with the average price for a working access method being $7,100 and comprising around 17 per cent of listings seen by Digital Shadows.

Aside from RDP breaches, gaining illicit access to a Windows domain admin account commands an average price of $8,167 and made up 16 per cent of the criminal forum ads seen by the infosec firm.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/23/initial_access_brokers/