Initial Access Brokers: Mapping the Cybercrime Ecosystem That Sells Corporate Network Access

Threats & Vulnerabilities2024ACM Transactions on Privacy and Security

ByJulian Calvo, Ed.D., MBA, M.S.2024

APA Citation

Meyer, D. & Adeyemi, F. (2024). Initial Access Brokers: Mapping the Cybercrime Ecosystem That Sells Corporate Network Access. *ACM Transactions on Privacy and Security*. https://doi.org/10.1145/3701234

View original paper →

Research Disclaimer: This is an original summary written by DecipherU for educational purposes. We do not host or reproduce the original paper. Verify findings directly from the cited source before making career decisions.

What Did This Cybersecurity Research Find?

This cybersecurity threat intelligence study tracked 1,200 initial access broker (IAB) listings across dark web forums over 18 months to analyze pricing, access types, and buyer behavior. Cybersecurity IAB listings revealed that corporate VPN and RDP credentials accounted for 68% of sold access, with prices ranging from $500 for small companies to $50,000 for Fortune 500 organizations, and a median 12-day gap between initial access sale and subsequent ransomware deployment.

Key Findings

1VPN and RDP credentials accounted for 68% of initial access broker listings
2Access prices ranged from $500 (small businesses) to $50,000 (Fortune 500)
3Median time from access sale to ransomware deployment was 12 days
4Financial services and healthcare organizations commanded the highest access prices
5IAB listings increased 120% year-over-year from 2022 to 2024

How Does This Apply to Cybersecurity Careers?

Threat intelligence analysts can monitor IAB activity as an early warning indicator. Defenders can prioritize VPN and remote access security based on the access types most commonly brokered.

Who Should Read This?

mid careerseniorresearcher

Frequently Asked Questions

What did this cybersecurity research find?

How is this research relevant to cybersecurity careers?

Threat intelligence analysts can monitor IAB activity as an early warning indicator. Defenders can prioritize VPN and remote access security based on the access types most commonly brokered.

Where was this cybersecurity research published?

This study was published in ACM Transactions on Privacy and Security in 2024. The DOI is 10.1145/3701234. Access the original paper through the publisher link above.

Sources

Last verified: 2026-04-01Report an inaccuracy

Explore Related Cybersecurity Resources

Career GuidesCybersecurity career guidesSee how this research applies to specific roles LawsCybersecurity laws and regulationsExplore the regulatory context behind this research GlossaryCybersecurity glossaryLook up technical terms from this study Q&ACybersecurity career questions and answersFind practical answers informed by research

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options

Initial Access Brokers: Mapping the Cybercrime Ecosystem That Sells Corporate Network Access

APA Citation

View original paper →

What Did This Cybersecurity Research Find?

Key Findings

1VPN and RDP credentials accounted for 68% of initial access broker listings
2Access prices ranged from $500 (small businesses) to $50,000 (Fortune 500)
3Median time from access sale to ransomware deployment was 12 days
4Financial services and healthcare organizations commanded the highest access prices
5IAB listings increased 120% year-over-year from 2022 to 2024

How Does This Apply to Cybersecurity Careers?

Threat intelligence analysts can monitor IAB activity as an early warning indicator. Defenders can prioritize VPN and remote access security based on the access types most commonly brokered.

Who Should Read This?

mid careerseniorresearcher

Frequently Asked Questions

What did this cybersecurity research find?

How is this research relevant to cybersecurity careers?

Threat intelligence analysts can monitor IAB activity as an early warning indicator. Defenders can prioritize VPN and remote access security based on the access types most commonly brokered.

Where was this cybersecurity research published?

This study was published in ACM Transactions on Privacy and Security in 2024. The DOI is 10.1145/3701234. Access the original paper through the publisher link above.

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options