
How initial access offers power intrusions and ransomware
Initial access brokers (IABs) sell access to compromised organizations on underground forums. Here's an analysis looking at whether these offers can be correlated to ransomware attacks.
It’s time to arm yourself against cybercrime with the Intel 471 Cyber Threat Report 2024, our comprehensive cyber threat intelligence (CTI) analysis of threat actor activity and techniques from January 2023 to March 2024. We also look at the varied motivations of hacktivist groups, ransomware gangs, and initial access brokers (IABs), and highlight emerging trends to help you stay ahead of a rapidly changing threat landscape.
In the past year, law enforcement agencies have notched significant wins against major ransomware-as-a-service (RaaS) operators, disrupting ALPHV aka BlackCat in December 2023 and LockBit in February 2024. These, however, occurred at the end of a year in which reported ransomware attacks almost doubled to 4,429. LockBit was again the most prevalent ransomware variant, impacting 981 victims, followed by ALPHV, which impacted 427 victims, many in healthcare and other critical sectors.
It’s too early to tell whether these victories will leave a lasting impact on RaaS operators. LockBit’s response demonstrated the sophistication of the underground cybercrime economy. After re-establishing the LockBit data leaks blog, its victim-shaming site, the actor threatened to buy compromised network access credentials related to all U.S. government, educational, and nonprofit organizations from IABs.
Additionally, Intel 471 saw activity from IABs, a key enabler in cybercrime, grow and shift in 2023. We reported 5,347 instances of IAB vendors offering compromised credentials and/or alleged unauthorized access to networks or systems in 2023. We also track “specified access” when there are indicators that a threat actor has verified the validity of access being sold as operational.
See the report to also find out which industries and countries were most impacted and the most common IAB tactics, techniques, and procedures (TTPs) we observed. This rapidly evolving threat landscape is one reason Intel 471 recently acquired Cyborg Security and its HUNTER platform, which gives threat hunting teams a powerful set of tools to proactively detect stealthy threats.
Other major factors that will influence cybercrime trends in 2024 include:
Download the 2024 Cyber Threat Report today to see the culmination of Intel 471’s dedication to exposing the tactics of global adversaries, which we share in real time with clients through TITAN, our platform that collects, interprets, structures, and validates human-led, automation-enhanced results.