They hack to sell: the gateway to your corporate network could already be on the dark web


Cybercriminals’ tactics are evolving faster than organizations can adapt, keeping them stuck in a “breach, apologize, repeat” cycle, a security expert says.

A booming black market is thriving in the shadows of the digital underworld. Cybercriminals, known as Initial Access Brokers (IABs), auction off the keys to corporate networks, leaving businesses worldwide on the edge of disaster.

IABs are hackers who compromise companies but sell access to other cybercriminals in the cyber underworld instead of exploiting the breach themselves.

The latest report from security firm Group-IB reveals that IAB-based cybercrime has been booming, with a global increase of 15% throughout 2024. Researchers have named IAB activity as one of the key threats for 2025.

While cybercrooks are active everywhere, the United States has been the most targeted country. The surge is driven by 1,218 cases in North America, a 43% rise from 2023. The trend is similar in other regions, too, with cases rising in Europe (32%) and Latin America (41%).

Group-IB CEO Dmitry Volkov told Cybernews that the surge in corporate access listings on the dark web proves that cybercriminals are rapidly refining their cyber-crime-as-a-service model – and, unfortunately, outpacing organizations' ability to adapt.

Top 10 jurisdictions targeted by initial access brokers. Source: Group-IB

Who buys these criminal services?

The cyber underground operates much like a corporation, with threat actors filling specialized roles across the ecosystem – from breaching systems to laundering money.

There are two ways to buy access to a corporate network. IABs, who specialize in breaching corporate networks and selling that access on dark web marketplaces, are the primary sellers of “keys.”

Another way to buy access to a corporate network is to find compromised credentials.

“Threat actors use so-called Underground Clouds of Logs (UCL) where they can find compromised credentials based on their search criteria and then use them to further develop attacks,” explains Volkov.

Buyers of such criminal services range from ransomware gangs and financially driven hackers to state-sponsored groups seeking to conduct espionage.

“The growing sophistication of these operations means that the cyber-crime-as-a-service model will continue to expand, making proactive cybersecurity measures more critical than ever,” warns Volkov.

Are companies doing enough to protect their networks?

The growing trade in corporate system access on the dark web reveals that companies are losing a race with the evolving cybercrime economy.

“We see that while some companies are making cybersecurity a board-level priority, others remain reactive. However, to avoid major security breaches, it is important to shift toward proactive defense,” says Volkov.

Paradoxically, some of the most commonly exploited vulnerabilities lie in cybersecurity software like VPNs and firewalls, with ransomware gangs preying on these vulnerabilities to gain access to corporate networks.

Top types of initial access sold. Source: Group-IB

Another weak point often exploited by threat actors is third-party vendors. While Volkov sees that some organizations have made progress in strengthening their third-party vendor risk management processes, for many, the approach to cybersecurity remains superficial.

“While companies should not be responsible for fully vetting their third-party vendors and acting as security auditors – that’s not their core business – they should be taking the necessary steps to protect their organizations from supply chain vulnerabilities.”

He highlights that annual supplier vetting is no longer enough, and continuous monitoring, shared threat intelligence, and strict cybersecurity policies are vital for a resilient supply chain.

“Without leveraging zero-trust frameworks, companies will continue to fall into the 'breach, apologize, repeat' cycle.”