Rapid7's 2025 Access Brokers Report reveals that 71% of access brokers offer privileged access, indicating a concerning depth of compromise in these illicit transactions.
Based on six months of threat intelligence from dark web forums such as Exploit, XSS, and BreachForums, the report that IABs are not merely providing a quick entry point but are instead exploring the networks they infiltrate.
Source: 2025 Access Brokers Report, Rapid7
According to Raj Samani, SVP and chief scientist at Rapid7 says this approach allows them to sell access with elevated privileges, making it easier for subsequent threat actors to exploit these vulnerabilities.
"It’s not about if you’re exposed, but whether you can respond before the intrusion escalates," adds Samani as he emphasised the urgency for proactive defence strategies.
Source: 2025 Access Brokers Report, Rapid7
The report estimates the average sale price for access is approximately $2,700, with nearly 40% of offerings priced between $500 and $1,000. The most common access types sold include VPN, Domain User, and Remote Desktop Protocol (RDP), which align with vulnerabilities frequently observed in Rapid7’s incident response investigations.
As security teams face challenges such as alert fatigue and resource limitations, the findings reinforce the need for a unified approach to threat detection and exposure management.
Rapid7 advocates for operationalising these elements together rather than treating them in isolation. This philosophy is reflected in the launch of Incident Command, an AI-native Security Information and Event Management (SIEM) platform that integrates prevention, detection, and response into a single workflow.
To mitigate risks, the report outlines several actionable steps for organisations, including enforcing multi-factor authentication (MFA) on critical access points, investing in threat-informed detection systems, and conducting regular red team exercises to identify potential exposure paths.
While law enforcement efforts continue to tackle the issue of access brokers, their persistence poses a significant risk to organisations worldwide. The report suggests that improving threat detection capabilities and enhancing access controls is paramount in combating this growing threat.
