Key point: Initial Access Brokers are deliberately selling stolen SME access credentials on the darknet because these companies are often inadequately protected despite generating substantial revenues.
Kaspersky documents a massive increase in stolen enterprise access credentials from small and medium-sized enterprises on darknet marketplaces. In the first four months of 2024, 60 percent of analysed offerings from Initial Access Brokers originated from the SME segment.
Kaspersky has identified a clear pattern in its analysis of darknet forums: approximately 40 percent of the evaluated offerings came from small enterprises and 20 percent from medium-sized enterprises, accounting for 60 percent of the total. Sales offerings typically contain information on industry, location, company size, revenue, and the type of network access available.
The actors behind this are specialized Initial Access Brokers who acquire and resell compromised enterprise access credentials. With such access data, attackers can prepare ransomware campaigns, exfiltrate sensitive data, or commit fraud. Medium-sized enterprises are particularly in focus: they generate higher revenues than small firms but invest significantly less in security than large enterprises — an attractive profit-to-risk ratio from the criminals’ perspective.
The widespread misconception that cybercriminals only target large enterprises is long outdated. Attackers are not primarily oriented toward revenue, but rather toward the ratio between potential profit and existing security measures. Small and medium-sized enterprises have long become prime targets.
To reduce risk, Kaspersky recommends clearly defined access and security policies, regular data backups, and continuous monitoring of publicly available data for leaks. At the same time, security solutions must be kept current and software regularly updated. Employee training reduces susceptibility to phishing. Enterprises without internal security departments can achieve permanent monitoring and rapid response through Managed Security Services.
Source: www.it-daily.net · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.3.