Q4 2024 Initial Access Broker Market Summary
After analysing the IAB ecosystem in Q1, Q2, and Q3 2024, Cyjax has continued to monitor IAB listings on key forums. This whitepaper reports the statistics and trends observed in initial access listings on prominent Russian- and English-language cybercriminal forums in Q4 2024.
Key takeaways
The IAB market remained stable throughout 2024, with consistent trends in sectors, countries, access types, and antivirus instances. Based on observed listings, the overall market grew by approximately 232%.
The top targeted countries in Q4 were the US (43.7%), Canada (4.9%), UK (4.6%), China (4.0%), and France (2.9%), among others, with these statistics aligning with previous quarters. Similarly, the most targeted sectors were professional services (11.3%), construction (10.2%), and manufacturing (9.1%), continuing the pattern seen in earlier quarters.
In terms of access types, RDP (25.5%) remained the most commonly targeted, followed by VPN (16.3%) and RDWeb (12.9%). The Forti access type saw a notable increase this quarter, but overall trends in access types were consistent with prior periods. As for antivirus solutions, Windows Defender led with 14% of all listings, with no significant changes in the antivirus landscape from previous quarters.
A standout moment in Q4 was when user ‘Pennywise77777’ listed 96 accesses in a single post, the highest for 2024. These accesses targeted vulnerable sectors such as healthcare, education, and government. The most prolific IABs in Q4 included miyako (14.1%), Pennywise77777 (11.5%), and Croatoan (8.1%), further emphasising the stability and continuity in the IAB ecosystem for the quarter.