[1][2] IABs use a variety of methods to gain initial access, including exploiting vulnerabilities in remote access services like RDP and VPNs, bruteforcing login credentials, and leveraging malware that steals account information.
Access are often sold on auctions in underground criminal forums or directly provided to ransomware affiliate groups to expedite attacks.
[3][4] IABs seek access to virtual private networks, remote desktop protocol, Web applications, and email servers.
[1] By providing initial access, IABs allow other cyber criminals like ransomware groups to more quickly infiltrate networks and launch attacks without wasting time to gain entry themselves.
This access as a service model - in analogy to the software as a service model - provides scalability and efficiency to cybercriminal operations.