Malicious Actors: Three Steps to Success

Three Steps to Success

You probably clicked on this article because you thought I was going to provide some career advice or some way to reach your personal goals this year, but I’ll apologize now – this article outlines three steps to success for the malicious actor. Hopefully, after I explain how they are achieving this success, you can better protect yourself from an attacker who is using these steps.

This year has been an interesting one for me. I have seen an ever-increasing number of info-stealers targeting specific geographical markets, and in particular, one vertical that exists in that market. But I’m sure the success of these attacks will lead to a spread outside of this vertical.

What’s the Vertical?

Honestly, I’d prefer not to dive too deeply into this subject matter as I don’t want to raise awareness further around their weak security state and make them an even higher priority target. Needless to say, if it can happen to them, it can happen to anyone.

Step 1, Where it All Begins.

The info-stealer has become a more valuable starting point for a lot of attackers. Ransomware used to be that starting point, but as people start to find stronger ways of combating this and potentially not wanting to pay, it’s just too risky (from a profitability standpoint for the malicious actor) to start here.

So Why Info-Stealer?

Your data has more value outside of your organization than in your organization. Social security numbers, routing and bank account information, intellectual property, and, most important to the next stage of success (for the malicious actor), your passwords. More specifically, your IT security team’s passwords.

Why Are Their Passwords So Important?

Well, there are a couple of reasons for this, but from the malicious actor’s point of view, it lets them (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Blog. Read the original post at: Cylance Blog