Dive Brief:
- The market for initial access brokers has blossomed over the past two years, making it easier for advanced adversaries to outsource the grunt work of intrusions and breach more targets, Check Point said in a report published on Monday.
- The surge in the IAB ecosystem comes as nation-states increasingly use cyberspace to project power, according to the report.
- Check Point urged policymakers and businesses to prioritize identity security, protect software supply chains and harden operational technology.
Dive Insight:
Check Point’s findings about IABs highlight how much more sophisticated the cybercrime market has grown in recent years and how much easier it has become for governments and low-level criminals alike to manage a vast array of intrusion campaigns.
“Once considered peripheral players, IABs have become a critical node in the cyber-criminal supply chain, lowering barriers to entry for sophisticated operations and enabling rapid campaign scaling,” Check Point said.
By paying IABs to handle rudimentary tasks at scale, the report found, “state-backed groups and sophisticated criminal actors can reduce operational risk, accelerate execution timelines, and scale their campaigns across dozens of targets simultaneously.”
The involvement of an IAB also makes it harder for IT teams and incident-response firms to attribute an attack to a specific actor — or even to determine whether the attack was the work of a nation-state or a criminal group.
For these reasons, Check Point said, “IAB activity is no longer a peripheral criminal phenomenon but a force multiplier in the broader offensive ecosystem, one that directly supports espionage, coercive operations, and potential disruption of U.S. government and critical infrastructure networks.”
Even more worrisome, some IAB-assisted campaigns have included attacks on critical infrastructure.
“The proliferation of IAB activity is particularly visible in sectors with heightened strategic significance,” according to the report, which documented sharp increases in IAB activity between 2023 and 2024 in the government, healthcare, education and transportation sectors. There were nearly 600% more IAB attacks on healthcare organizations in 2024 than there were in 2023.
“These surges reflect both heightened adversary demand for footholds in sensitive environments and the growing professionalization of the IAB marketplace, where access to critical systems is commoditized and sold to the highest bidder,” Check Point said in its report.
In parallel to the growing maturity of the cyberattack-as-a-service ecosystem, the connection between geopolitical tensions and nation-state hacking has grown even stronger over the past two years.
“Cyber operations have evolved from opportunistic disruptions and intelligence-gathering into deliberate, coordinated campaigns designed to achieve political, economic, and strategic outcomes,” Check Point said. “The boundary between cyber and geopolitics has all but disappeared: state-aligned threat actors now use digital operations to signal intent, project power, shape crises, and impose costs, often below the threshold of armed conflict.”
The shift from hacking as a form of espionage to hacking as a form of leverage in nation-state conflict portends increasingly serious dangers for essential services. And by comparing historical trends in the Geopolitical Risk Index with observed levels of nation-state cyberattacks on U.S. government systems, Check Point determined that cyber activity surges when geopolitical tensions increase, “as states use network intrusions, pre-positioning, and disruption as tools of influence and coercion short of war.”
These changes will require policymakers to change how they think about cybersecurity and how engaged they are in responding to the threat environment, according to the report.
“Cybersecurity is no longer just a technical issue; it is a strategic imperative,” Check Point said. “Resilience, deterrence, and rapid recovery must now be treated as national security capabilities, on par with traditional defense planning.”