criticalLast seen May 22, 2026Source: Cyentrix Intel feed
Initial Access Broker Sale
Initial-access brokers selling administrative or remote access to a victim organisation (VPN, RDP, Exchange OWA, AWS console, AD domain admin). The buyer is typically a ransomware affiliate. Demands MFA on every remote pathway, PAM for admin tiers, dark-web monitoring of company brand + employee emails.
See where you stand against this threat
Sign in to see your existing attestations against each mapped control — including which ones already cover you from past work.
Sign in →Mapped controls· 4
MFA for all user accounts
NIST SP 800-63B
Recommended control for credential theft
Privileged access management (PAM)
NIST SP 800-53 Rev 5
Recommended control for credential theft
Account lockout policy on failed logins
NIST SP 800-53 Rev 5
Recommended control for credential theft
Credential rotation
NIST SP 800-53 Rev 5
Recommended control for credential theft