
Why access brokers have stubbornly remained successful
From Safe Mode Podcast by Safe Mode Podcast
May 14, 2026 · 32 min
About this episode
Anna Pham discusses the tactics of initial access brokers and their impact on ransomware operations.
Anna Pham of Huntress joins Safe Mode to discuss the current landscape of initial access brokers and how their tactics continue to support ransomware operations. She explains that attackers are still finding success with drive-by downloads, Trojanized installers, fake browser updates, click-fix attacks, exposed RDP, VPN weaknesses, and vulnerable edge devices. The conversation also covers how access is monetized, what defenders can look for before ransomware deployment, and why limited endpoint visibility often leaves organizations exposed. Fam emphasizes that basic cyber hygiene still matters: close exposed ports, enforce MFA, use complex passwords, apply least privilege, patch systems, and maintain broad visibility across the environment. In our reporter chat, Greg talks with Matt Kapko about the security incident that impacted Canvas.
People in this episode
Host: Greg
Guest: Anna Pham
Topics covered
- initial access brokers
- ransomware operations
- cyber hygiene
- endpoint visibility
- security incidents
Keywords
- access brokers
- ransomware
- cybersecurity
- drive-by downloads
- Trojanized installers
- MFA
- vulnerabilities
- endpoint visibility
Mentioned in this episode
Organizations: Huntress
Books & works: Canvas
More episodes of Safe Mode Podcast
- Why the autonomous SOC Is the wrong goal · June 11, 2026 · 34 min
- The last layer standing · June 4, 2026 · 36 min
- From Two Weeks to Three Days: The KEV Deadline Debate · May 29, 2026 · 37 min
- Can specialized security survive Daybreak and Mythos? · May 21, 2026 · 38 min
- Can you prove which agent did what? · May 7, 2026 · 28 min
- How government and Industry can raise the cost of cybercrime · April 30, 2026 · 43 min
Explore listener stats, chart rankings, contacts and more on the Safe Mode Podcast podcast page.