How initial access brokers (IABs) sell your users’ credentials

Latest News on Initial Access Brokers (IABs) Credential Selling and Impact on Cybersecurity

Credential-Based Attacks Remain a Significant Threat:
Credential-based attacks continue to be a major concern for organizations. According to the Verizon Data Breach Investigations Report (DBIR), lost or stolen credentials are the most common way for cybercriminals to gain initial access to systems [1]. Google Cloud's Threat Horizon Report also highlighted that systems with weak or no credentials were the top initial access vector, accounting for 47% of cloud environment attacks during the first half of last year [1].

Types of Credential-Based Attacks:
These attacks are favored by hackers due to their simplicity, high success rate, and significant rewards. Once an attacker gains access, they can move laterally within the network to gain access to other systems and resources, increasing the scope of the breach. The attacker can also exfiltrate sensitive data, deploy malware, and cover their tracks by deleting logs or installing backdoors [1].

Impact on Cybersecurity:
The rise of IABs selling user credentials exacerbates cybersecurity challenges. This market not only provides attackers with easy access but also enables them to appear as legitimate end users, making detection more difficult. The DFS guidance on cybersecurity risks associated with AI emphasizes the need for covered entities to consider AI threats as part of their periodic risk assessments and adjust their cybersecurity policies accordingly [3].

AI-Enhanced Cyberattacks:
The development of AI agents is expected to enhance the speed and scale of cyberattacks. AI can enlarge the quantity of nonpublic information that covered entities store and create supply chain vulnerabilities since the use of AI often involves third-party vendors [3]. This introduces significant risks, including the possibility of unintended actions based on misinterpretation of commands, which could lead to security breaches or privacy violations.

Key Highlights:

  1. Credential-Based Attacks:

    • Frequency: Lost or stolen credentials are the most common way for cybercriminals to gain initial access to systems [1].
    • Impact: Attackers can move laterally within the network, exfiltrate sensitive data, deploy malware, and cover their tracks [1].
  2. IABs User Credential Market:

    • Market Size: The market for selling user credentials is significant, with systems with weak or no credentials being a top initial access vector in cloud environments [1].
    • Ease of Access: IABs provide attackers with easy access, enabling them to appear as legitimate end users and making detection more difficult [1].
  3. Impact on Cybersecurity:

    • Enhanced Risks: AI-enhanced cyberattacks can enlarge the quantity of nonpublic information stored and create supply chain vulnerabilities [3].
    • Privacy Concerns: The development of AI agents raises significant privacy and security concerns, including the potential for unintended actions based on misinterpretation of commands [4].
  4. Guidance on Cybersecurity Risks:

    • DFS Guidance: Covered entities should consider AI threats as part of their periodic risk assessments and adjust their cybersecurity policies and procedures accordingly [3].
    • SEC Charges: The SEC has charged four technology companies with making materially misleading disclosures about the effect of the SolarWinds cyberattack, highlighting the need for adequate cybersecurity risk management and breach disclosures [3].