GUEST ESSAY: ‘Initial access brokers’ — IABs — specialize in enabling surreptitious access

By Zac Amos

Cybercrime is a big business. And like any other large industry, specialization has emerged.


As data becomes more valuable, criminals can profit more from stealing, selling or holding it for ransom, leading to a massive black market of information.

Initial access brokers (IABs) play an increasingly central role in this cyber underworld. IABs specialize in finding vulnerable targets and selling their details to other cybercriminals.

They search for weak points and perform the challenging, technically demanding work of breaking past an organization’s security, then offer that access to the highest bidder.

IABs on the rise

IABs can gain this access through many different means. In some cases, they find vulnerable third parties that provide ways into larger targets, which is how hackers infiltrated the Red Cross in 2021.

In others, they try brute-forcing their way through a company’s security, and sometimes they’re malicious insiders who already have access to sensitive files.

Regardless of the specifics, the outcome is the same. IABs perform the difficult first few steps of breaking into a target’s systems, giving other cybercriminals who are willing to pay well an easy way in to do whatever they want.

IABs aren’t necessarily a new threat, but they’ve seen tremendous growth over the past few years. Cybersecurity firm Positive Technologies found 88 new IAB sales on dark web marketplaces in the first quarter of 2020, compared to just three in all of 2017.


The rise of IABs corresponds with the increase in digital transformation. Early in the COVID-19 pandemic, companies started implementing digital tools at an unprecedented pace. Digital resources became increasingly critical for businesses, and targeting them became a more profitable type of crime, leading to a surge in demand for IABs.

IABs’ ease of access helped spur this growth. With an IAB, cybercriminals don’t need advanced technical knowledge or skills to pull off a successful attack. That makes them the ideal solution for new, inexperienced hackers trying to profit from this wave of digitization.

Ransomware correlation

This uptick in IAB activity has several far-reaching impacts on cybersecurity. Reliable security is becoming increasingly important to investors, requiring businesses to meet high standards to secure investment and new partnerships.

Because IABs can make it easier to breach a company’s security, their rise could make meeting those expectations harder, creating more demand for expert cybersecurity services.

As IABs continue to grow, so will ransomware. Ransomware is already the fastest-growing type of cybercrime, and IABs make it more accessible to novice criminals. It’s far easier to steal and encrypt sensitive data when someone else manages the first and hardest step in the breach process. Consequently, security professionals should prepare for an uptick in ransomware threats.

Mitigating IABs

Businesses should also focus on practices that mitigate IAB-related risks amid this rising threat. These include:

• Using multifactor authentication (MFA) on all accounts.

• Monitoring the dark web for IAB listings.

• Restricting access permissions to minimize insider threats.

• Keeping all software, especially VPNs, up to date.

General cybersecurity best practices like using strong passwords and offering regular security training will also help. While this trend is concerning, these widely recommended steps are still effective.

As the data revolution continues and cybercrime grows, IABs will become all the more prominent. Recognizing these threats early is the first step in addressing them. Once businesses know what to watch out for, they can make the best decisions about defending themselves, even with risks as pressing as IABs.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.
