2 min Security

A foot in the door is increasingly marketable: initial access grows

A foot in the door is increasingly marketable: initial access grows

The market for initial access is growing at an alarming rate. A side effect of the ransomware explosion of the past year, Group-IB concludes based on a new study.

The initial access market entails trade in ready-to-use vulnerabilities for access to corporate environments. Group-IB research shows that the global market grew from roughly 5.5 million to 6.3 million euros in the past year.

The sale and purchase of backdoors is one example. Ready-to-use entrances, not yet exploited for criminal purposes, but intended precisely for that end. The amount of sales offers tripled from 362 to 1099. More than 200 new providers — so-called initial access brokers — entered the market.

Strikingly, the global figures are anything but representative of Europe. There, the initial access market shrank by 22 percent from roughly 650,000 euros to 520,000. However, the number of companies whose environments were offered access to rose significantly, from 76 to 261. Only five percent of the European offerings involved access to Dutch companies. French companies (20 percent) and British companies (18 percent) were more common.


Group-IB presented the news at CyberCrimeCon, its annual conference. Simultaneously, the organization cited two main reasons for the global growth.

First, the popularity of ransomware is increasing. Group-IB states that the data of 2,371 hacked organizations ended up on DLSs (Data Leak Sites) in the past year. An enormous growth of 935 percent compared to the previous measurement, with which Group-IB observed only 229 victims. More attacks mean more attackers; more attackers means more initial access brokers, whose supply grows along with demand.

Second, Group-IB argues that the entry threshold for selling initial access is relatively low. The organization implies that finding an entry is easier than abusing it. Group-IB concludes that tools for finding access are becoming more available, and companies’ security measures do not sufficiently avert new brokers.