Rapid7 Releases 2025 Access Brokers Report Highlighting Cybercrime Trends and Defense Strategies

Rapid7's 2025 Access Brokers Report analyzes dark web access sales, revealing tactics and prices for compromised network access.

Quiver AI Summary

Rapid7, Inc. has published its 2025 Access Brokers Report, which analyzes the illicit underground marketplaces where cybercriminals sell access to corporate networks. Based on six months of threat intelligence from dark web forums, the report reveals that initial access to compromised networks can be acquired for under $1,000, with significant access levels often included. Findings indicate that many sales offer admin privileges or multiple access vectors, suggesting that once attackers gain access, much of the groundwork has already been laid for their intrusion. The report stresses the importance of integrating threat detection and exposure management, advocating for measures such as enforcing multi-factor authentication and conducting regular red team exercises to bolster defenses. Rapid7 emphasizes the need for security practices to be unified, context-rich, and responsive to effectively counter persistent threats from access brokers.

Potential Positives

Rapid7 released its 2025 Access Brokers Report, providing critical insights into the underground marketplaces where cybercriminals trade access to corporate networks, reinforcing its position as a thought leader in cybersecurity.
The report highlights the average sale price of compromised access at just over $2,700, indicating a significant market that security teams need to understand and address.
The findings support Rapid7's product vision, particularly the recent launch of Incident Command, which integrates threat intelligence into security workflows, enhancing overall defense strategies for clients.
The research provides actionable recommendations for organizations to strengthen their defenses against initial access attacks, demonstrating Rapid7's commitment to operationalizing threat intelligence for effective cybersecurity management.

Potential Negatives

The report highlights a concerning trend in the accessibility of initial access to compromised networks, indicating a significant vulnerability in corporate security that may undermine confidence in Rapid7’s capabilities.
The average sale price of just over $2,700 for access to corporate networks may suggest that organizations are at high risk of being targeted, raising questions about the effectiveness of existing security measures.
With 71.4% of access broker sales including elevated privileges, it underscores that initial access can be more than minimal, indicating a deep compromise and a potential failure in response to severe threats.

FAQ

What is the Access Brokers Report about?

The report analyzes illicit underground marketplaces where cybercriminals buy and sell access to corporate networks, based on threat intelligence.

How much does initial access to networks cost?

Initial access to compromised businesses is often sold for less than $1,000, with the average sale price around $2,700.

What are common access types mentioned in the report?

The most common access types include VPN, Domain User, and RDP, which are frequent weak points in security investigations.

What are some recommendations for organizations to reduce risk?

Organizations should enforce MFA, invest in threat-informed detection, and conduct red team exercises to identify vulnerabilities.

Where can I read the full Access Brokers Report?

The full report is available at https://www.rapid7.com/lp/initial-access-brokers-report/.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$RPD Congressional Stock Trading

Members of Congress have traded $RPD stock 4 times in the past 6 months. Of those trades, 2 have been purchases and 2 have been sales.

Here’s a breakdown of recent trading of $RPD stock by members of Congress over the last 6 months:

REPRESENTATIVE JEFFERSON SHREVE has traded it 4 times. They made 2 purchases worth up to $100,000 on 04/07, 03/31 and 2 sales worth up to $100,000 on 05/12, 02/24.

To track congressional stock trading, check out Quiver Quantitative's congressional trading dashboard.

$RPD Insider Trading Activity

$RPD insiders have traded $RPD stock on the open market 4 times in the past 6 months. Of those trades, 0 have been purchases and 4 have been sales.

Here’s a breakdown of recent trading of $RPD stock by insiders over the last 6 months:

CHRISTINA LUCONI (Chief People Officer) has made 0 purchases and 4 sales selling 34,039 shares for an estimated $906,386.

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$RPD Hedge Fund Activity

We have seen 129 institutional investors add shares of $RPD stock to their portfolio, and 159 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

FMR LLC removed 2,160,430 shares (-69.4%) from their portfolio in Q1 2025, for an estimated $57,272,999
UBS AM, A DISTINCT BUSINESS UNIT OF UBS ASSET MANAGEMENT AMERICAS LLC added 1,209,856 shares (+112.4%) to their portfolio in Q1 2025, for an estimated $32,073,282
PENSERRA CAPITAL MANAGEMENT LLC added 851,108 shares (+45.3%) to their portfolio in Q2 2025, for an estimated $19,686,128
JONES FINANCIAL COMPANIES LLLP added 749,167 shares (+756734.3%) to their portfolio in Q1 2025, for an estimated $19,860,417
POINT72 ASSET MANAGEMENT, L.P. added 675,030 shares (+45.4%) to their portfolio in Q1 2025, for an estimated $17,895,045
READYSTATE ASSET MANAGEMENT LP added 607,095 shares (+inf%) to their portfolio in Q2 2025, for an estimated $14,042,107
MARSHALL WACE, LLP added 554,612 shares (+116.6%) to their portfolio in Q1 2025, for an estimated $14,702,764

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$RPD Analyst Ratings

Wall Street analysts have issued reports on $RPD in the last several months. We have seen 3 firms issue buy ratings on the stock, and 1 firms issue sell ratings.

Here are some recent analyst ratings:

UBS issued a "Buy" rating on 08/08/2025
Raymond James issued a "Outperform" rating on 08/08/2025
DA Davidson issued a "Underperform" rating on 05/13/2025
Jefferies issued a "Buy" rating on 03/31/2025

To track analyst ratings and price targets for $RPD, check out Quiver Quantitative's $RPD forecast page.

$RPD Price Targets

Multiple analysts have issued price targets for $RPD recently. We have seen 16 analysts offer price targets for $RPD in the last 6 months, with a median target of $26.5.

Here are some recent targets:

Michael Walkley from Canaccord Genuity set a target price of $32.0 on 08/11/2025
Patrick Colville from Scotiabank set a target price of $20.0 on 08/11/2025
Anne Meisner from Susquehanna set a target price of $18.0 on 08/11/2025
Gregg Moskowitz from Mizuho set a target price of $25.0 on 08/08/2025
Adam Borg from Stifel set a target price of $22.0 on 08/08/2025
Matthew Hedberg from RBC Capital set a target price of $23.0 on 08/08/2025
Roger Boyd from UBS set a target price of $34.0 on 08/08/2025

Full Release

BOSTON, Aug. 12, 2025 (GLOBE NEWSWIRE) -- Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, today released its 2025 Access Brokers Report , a new research analysis of illicit underground marketplaces where cybercriminals buy and sell access to corporate networks. Drawing on six months of threat intelligence from dark web forums Exploit, XSS, and BreachForums, the report uncovers new insights into how initial access to compromised businesses is being sold — often for less than $1,000 — and the steps defenders can take to disrupt the process in its earliest stages.

Rapid7’s threat intelligence researchers analyzed hundreds of posts by Initial Access Brokers (IABs) offering access to compromised networks across a range of industries and regions. Their findings paint a stark picture: “initial” access doesn’t necessarily equate to minimal; in many cases, this access represents a deep compromise.

“This report shows that initial access brokers aren’t intent upon finding a single way into an organization’s network and then quickly exiting — they’re making attempts to explore the networks they’ve infiltrated. And they’re often succeeding,” said Raj Samani, SVP and chief scientist at Rapid7. “In doing so, the IAB can offer buyers admin privileges, multiple access types, or both. By the time a threat actor logs in using the access and privileged credentials bought from a broker, a lot of the heavy lifting has already been done for them. Therefore, it’s not about if you’re exposed, but whether you can respond before the intrusion escalates.”

Key report findings include:

The vast majority of access broker sales ( 71.4% ) offer more than just a specific access vector ; they also include a level of privilege — and in nearly 10% of those sales, it’s a bundle with multiple initial access vectors and/or privileges.
The average sale price hovered just over $2,700, with nearly 40% of offerings priced between $500–$1,000 .
VPN, Domain User, and RDP were the most common access types — the very same weak points seen in Rapid7’s incident response investigations .

The Access Brokers Report arrives as security teams grapple with alert fatigue, limited resources, and evolving attacker tradecraft. It supports Rapid7’s growing body of evidence that exposure management and threat detection must be operationalized together, not handled in isolation.

This vision underpins the company’s recent launch of Incident Command , an AI-native SIEM that unifies prevention, detection, intelligence, and response within a single workflow. With its seamless integration of Intelligence Hub , Incident Command gives security teams direct access to the same curated threat insights that informed this report — now embedded into detection logic and investigation workflows.

In addition to in-depth forum analysis, the report outlines concrete steps organizations can take to harden defenses and reduce attacker dwell time:

Enforce MFA — especially on VPN, RDP, and user accounts that access critical infrastructure.
Invest in threat-informed detection and response — including unified platforms that correlate access signals with suspicious activity.
Run regular red team exercises to identify exposure paths like abandoned accounts, default credentials, and externally accessible RDP services.

This research reinforces Rapid7’s position that threat detection and exposure management must be fast, unified, and context-rich. As highlighted in the company’s recognition in the 2025 Frost Radar for MDR , operationalizing threat intelligence, asset context, and automation isn’t just a best practice — it’s a requirement.

Initial Access Brokers and the forums they use have long been analyzed by threat intelligence teams. While law enforcement activity and takedowns continue, access brokers remain a persistent threat to organizations around the world.

To read a full copy of the report, visit https://www.rapid7.com/lp/initial-access-brokers-report/ .

About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website , check out our blog , or follow us on LinkedIn or X .

Rapid7 Media Relations
Stacey Holleran
Sr. Manager, Global Communications
[email protected]
(857) 216-7804

Rapid7 Investor Contact
Ryan Gardella / Ryan Flanagan
ICR, Inc
[email protected]
(617) 865-4277