Infostealer Malware Fuels the Cybercriminal Underground
Infostealer malware is a dangerous trend, enabling initial access brokers to sell stolen authentication data to other criminals.
Each year, cybercrime analytics company SpyCloud investigates data collected on identity exposure and cybercrime from the year before. SpyCloud’s latest annual Identity Exposure Report identified, among other things, more than 721 million exposed credentials and 22 million unique devices infected with malware in 2022.
Below is a summary of the top trends identified in SpyCloud’s report.
Infostealer Malware Has Led to Increased Credential Exposure
As has been the case in prior reports, credentials play a key role in cybersecurity incidents and are responsible for 45% of non-error, non-misuse data breaches.
Unlike in past years, attackers in 2022 shifted their tactics from traditional account takeover (like using credential pairs from combo lists for credential stuffing attacks) to using infostealer malware to steal authentication data from devices and browsers. Not only can infostealers evade antimalware detection, but they are easy to deploy and highly successful. Infostealers are also a cost-effective option for attackers, with prices as low as $200 to $300.
The Spycloud report also indicates that of the 721.5 million credentials exposed, nearly half of them came from botnets – robot networks that infect and control devices to siphon credentials, cookies, and other data crucial to impersonating users.
“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like initial access brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said SpyCloud director of security research Trevor Hilligoss in a press release.
Related: Ransomware, at Your Service
“Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime,” Hilligoss added. “This broker-operator partnership is a lucrative business with a relatively low cost of entry.”
As infostealer logs grow abundant in the criminal underground, exposing browser data and device data, cybercriminals get better access to the data they need to emulate device fingerprints, bypass security checks, and enter systems undetected.
Password Hygiene Remains a Problem
Endpoint security products detected a spike in malware attempts, reporting nearly 4 billion attempts in 2022. One contributing factor to the frequency and success of these attacks is high password reuse rates.
Despite organizational efforts to educate users on password hygiene, people commonly use celebrity names or pop culture references as passwords. Among the most popular passwords recaptured in 2022 were Bennifer, Hulu, Ukraine, and Queen Elizabeth, Spycloud said.
Related:Passwordless Authentication Is Ready for Its Close-up
Government Sector Remains at High Risk for Malware
The government sector is more vulnerable to malware-infected devices than enterprises, according to Spycloud. Seventy-four percent of exposed government credentials were exfiltrated by malware. The last year also saw an increase in data breaches – SpyCloud found 695 data breaches associated with .gov email addresses.
About the Author
You May Also Like