Why access brokers have stubbornly remained successful

Why access brokers have stubbornly remained successful

From Safe Mode Podcast by Safe Mode Podcast

May 14, 2026 · 32 min

About this episode

Anna Pham discusses the tactics of initial access brokers and their impact on ransomware operations.

Anna Pham of Huntress joins Safe Mode to discuss the current landscape of initial access brokers and how their tactics continue to support ransomware operations. She explains that attackers are still finding success with drive-by downloads, Trojanized installers, fake browser updates, click-fix attacks, exposed RDP, VPN weaknesses, and vulnerable edge devices. The conversation also covers how access is monetized, what defenders can look for before ransomware deployment, and why limited endpoint visibility often leaves organizations exposed. Fam emphasizes that basic cyber hygiene still matters: close exposed ports, enforce MFA, use complex passwords, apply least privilege, patch systems, and maintain broad visibility across the environment. In our reporter chat, Greg talks with Matt Kapko about the security incident that impacted Canvas.

People in this episode

Host: Greg

Guest: Anna Pham

Topics covered

  • initial access brokers
  • ransomware operations
  • cyber hygiene
  • endpoint visibility
  • security incidents

Keywords

  • access brokers
  • ransomware
  • cybersecurity
  • drive-by downloads
  • Trojanized installers
  • MFA
  • vulnerabilities
  • endpoint visibility

Mentioned in this episode

Organizations: Huntress

Books & works: Canvas

More episodes of Safe Mode Podcast

Explore listener stats, chart rankings, contacts and more on the Safe Mode Podcast podcast page.