New research from Trend Micro sheds light on the potential factors behind the recent surge in ransomware attacks, namely, cyber-criminal marketplaces offering initial access to threat actors. Over the past two years, demand for initial access has grown so much that many dark web markets now have a dedicated “Access-as-a-Service” section. The researchers divided access brokers into three categories: opportunistic sellers, dedicated brokers whose services are often used by smaller ransomware groups, and online shops that provide RDP and VPN credentials. Typically, access brokers sell credentials to less sophisticated cyber criminals to purchase and exploit for their own nefarious purposes. Trend Micro’s research draws from an analysis of more than 900 access broker listings across English and Russian language cybercrime forums from January through August 2021. The researchers believe that incident response teams can improve their defense and investigative capabilities by monitoring for activity by access brokers. Some best practices for protecting your network and access credentials include, but are not limited to, setting up multi-factor authentication (MFA), creating network segmentation, and implementing a zero-trust framework. Read more at HelpNetSecurity or access the original report at Trend Micro.