Quarterly IAV Roundup: Initial Access & Database Brokers

Based on 300+ incident investigations across English and Russian cybercrime forums, CloudSEK’s latest report uncovers how initial access brokers are evolving. Low-effort attack vectors like stealer logs, exposed secrets, and misconfigured cloud assets dominated, enabling quick unauthorized access to high-value systems. The report also highlights a rise in phishing kits that bypass MFA and exploitation of vulnerable web apps. Targeted regions include Europe, Southeast Asia, and Latin America, with brokers chaining multiple weaknesses for scalable attacks. With detailed trends, region-wise targeting, and actionable playbook insights, this whitepaper is a must-read for defenders aiming to stay ahead of modern access threats.