article featured image


According to a new report published by cybersecurity researchers, hackers are selling access to 576 corporate networks around the world for a total of $4,000,000, driving enterprise attacks.

The Q3 2022 ransomware report published by Israeli cyber-intelligence researchers from KELA showed stable activity in the initial access sales sector but a significant increase in the value of the offerings.

Despite the fact that the number of network access sales remained roughly the same as in the previous two quarters, the total requested price has already reached $4,000,000, explains Bleeping Computer.

Initial Access Brokers and Ransomware

IABs are hackers who sell access to business networks, typically by credential theft, webshells, or exploiting flaws in publicly exposed hardware. After gaining access to the network, threat actors sell it to other hackers, who use it to steal important data, distribute ransomware, or engage in other criminal activity.

IABs continue to play an important part in the ransomware infection chain, despite the fact that they were sidelined last year when large ransomware gangs that acted as crime syndicates established their own IAB departments.

Q3 of 2022 – Statistics

In Q3 2022, KELA’s analysts spotted 110 threat actors with 576 initial access offerings (ICOs) worth $4,000,000.


With a median sale price of $1,350, this group of listings set a new record for average selling price of $2,800. KELA’s researchers also noted that there was one instance where one single access was being sold for the exorbitant price of $3,000,000, but it was left out of the Q3 report due to concerns over its validity.

Most Targeted Countries and Industries

In Q3 of 2022, the top 3 IABs ran a sizable operation, with sales of 40–100 accesses. Findings show that the average time required to sell corporate access was 1.6 days, and the majority of these accounts are RDP and VPN kinds.

The United States accounted for 30.4% of all IAB offerings this quarter, making it the most targeted country.


The top three industries that were targeted were professional services (13.4%), manufacturing (10.8%), and technology (9.2%).


Bleeping Computer also notes that these rankings are consistent with ransomware attacks, and concludes that initial access brokers are now part of the ransomware attack chain, therefore network security is more important than ever.

This involves securing remote access servers behind VPNs, restricting access to publicly exposed devices, enabling multifactor authentication, and conducting phishing awareness tests to minimize the risk of exposing corporate credentials.

The Q3 2002 research report is available here.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *