According to a new report published by cybersecurity researchers, hackers are selling access to 576 corporate networks around the world for a total of $4,000,000, driving enterprise attacks.

The Q3 2022 ransomware report published by Israeli cyber-intelligence researchers from KELA showed stable activity in the initial access sales sector but a significant increase in the value of the offerings.

Despite the fact that the number of network access sales remained roughly the same as in the previous two quarters, the total requested price has already reached $4,000,000, explains Bleeping Computer.

Initial Access Brokers and Ransomware

IABs are hackers who sell access to business networks, typically by credential theft, webshells, or exploiting flaws in publicly exposed hardware. After gaining access to the network, threat actors sell it to other hackers, who use it to steal important data, distribute ransomware, or engage in other criminal activity.

IABs continue to play an important part in the ransomware infection chain, despite the fact that they were sidelined last year when large ransomware gangs that acted as crime syndicates established their own IAB departments.

Q3 of 2022 – Statistics

In Q3 2022, KELA’s analysts spotted 110 threat actors with 576 initial access offerings (ICOs) worth $4,000,000.


The listings had a median sale price of $1,350 and set a new record for average selling price at $2,800. KELA's researchers also noted one instance where a single access was being sold for the exorbitant price of $3,000,000, but it was left out of the Q3 report due to concerns over its validity.

Most Targeted Countries and Industries

In Q3 of 2022, the top 3 IABs ran a sizable operation, with sales of 40–100 accesses. Findings show that the average time required to sell corporate access was 1.6 days, and the majority of these accounts were RDP and VPN accounts.

The United States accounted for 30.4% of all IAB offerings this quarter, making it the most targeted country.


The top three industries that were targeted were professional services (13.4%), manufacturing (10.8%), and technology (9.2%).


Bleeping Computer also notes that these rankings are consistent with ransomware attacks, and concludes that initial access brokers are now part of the ransomware attack chain, so network security is more important than ever.

This involves securing remote access servers behind VPNs, restricting access to publicly exposed devices, enabling multifactor authentication, and conducting phishing awareness tests to minimize the risk of exposing corporate credentials.

The Q3 2022 research report is available here.
