While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure. The 2023 report identified over 22 million unique devices infected by malware last year. Of the 721.5 million exposed credentials recovered by SpyCloud, roughly 50% came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information to use in targeted attacks or sell on the darknet.
“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry.”
Cybercriminals have doubled down and exploited the economic downturn, growing hybrid workforce, ghost accounts from terminated employees, and increased outsourcing, which elevates third-party exposure. When employees access corporate networks using unmanaged or undermanaged devices infected with malware, threat actors have an easy way into critical business applications, including single sign-on platforms and virtual private networks.
SpyCloud researchers recaptured millions of credentials harvested from popular third-party business applications exposed to malware in 2022. The data exfiltrated from these apps – including code repositories, customer databases, messaging platforms, and HR systems – gives bad actors the information needed to deploy damaging follow-on attacks like ransomware. If these credentials are not properly remediated and remain active, they will continue to pose an ongoing threat for organizations, even after the device has been cleared of the malware.
No comments:
Post a Comment