Rapid7 releases 2025 Access Brokers Report on illicit cybercrime marketplaces.

Rapid7, a leader in threat detection and exposure management, released its 2025 Access Brokers Report, analyzing six months of threat intelligence from dark web forums Exploit, XSS, and BreachForums. The report finds that Initial Access Brokers (IABs) often sell access to compromised networks for less than $1,000, and the access can be a deep compromise, rather than minimal. Defenders can disrupt this process by taking steps to secure their networks and prevent initial access.

Rapid7, Inc. (NASDAQ: RPD), a leading provider in threat detection and exposure management, has released its comprehensive 2025 Access Brokers Report. This report, based on six months of threat intelligence from dark web forums such as Exploit, XSS, and BreachForums, sheds light on the illicit underground marketplaces where cybercriminals trade access to corporate networks. The study reveals that 71.4% of access broker sales include privileged access credentials, with nearly 10% offering multiple access vectors and privileges [1].

Key findings of the report indicate that the average sale price for such access is $2,700, with 40% of offerings priced between $500-$1,000. The most common access types are VPN, Domain User, and RDP. Notably, initial access often represents a deep network compromise, necessitating stronger security measures such as Multi-Factor Authentication (MFA) enforcement and unified threat detection platforms [1].

The report underscores the need for organizations to implement robust security measures to disrupt these cyberattacks early. Rapid7 emphasizes that initial access brokers are selling more than just a way into an organization’s network; they are offering buyers admin privileges and multiple access types, significantly increasing the risk of a deep compromise [1].

Rapid7’s findings highlight the challenges security teams face, including alert fatigue, limited resources, and evolving attacker tradecraft. The company advocates for the operationalization of threat detection and exposure management together, not in isolation. This approach is exemplified by the launch of Rapid7’s Incident Command, an AI-native Security Information and Event Management (SIEM) system that unifies prevention, detection, intelligence, and response within a single workflow [1].

The report also outlines concrete steps organizations can take to harden their defenses and reduce attacker dwell time. These steps include implementing MFA, using unified threat detection platforms, and leveraging AI-native SIEM systems like Incident Command. Rapid7’s position is that threat detection and exposure management must be fast, unified, and context-rich, with a strong emphasis on operationalizing threat intelligence, asset context, and automation [1].

In summary, Rapid7’s 2025 Access Brokers Report provides valuable insights into the cybercriminal marketplace, emphasizing the need for proactive security measures to prevent and disrupt deep network compromises. By understanding the dynamics of initial access brokers, organizations can better protect their networks and respond effectively to cyber threats.

References:
[1] Rapid7 (2025). 2025 Access Brokers Report. Retrieved from https://www.rapid7.com/lp/initial-access-brokers-report/