
Key Points from ‘Defending Against the Infostealer Threat’

Infostealers are notably difficult to prevent because they exploit the weakest link in cybersecurity: human behavior. Instead of relying on complex multi-step attacks to compromise a system, infostealers convince the user to invite them in the front door. Here’s what’s happening, and how you can stymie the flow of attacks.

In recent times, the world of cybersecurity has been battling a significant surge in a type of malicious software known as “infostealers.” These threats are on the rise, with incidents more than doubling in the first quarter of 2023 compared to the same period last year. The danger lies in their ability to compromise personal information and evade conventional cybersecurity defenses like Endpoint Detection and Response (EDR) and anti-malware solutions. Infostealers can bypass Multi-Factor Authentication (MFA) controls, and because of the sensitive information they harvest, the attacker’s subsequent activity can even appear as legitimate authentication or as convincing phishing attacks. Fortunately, proactive measures can help defend against this growing threat, and one such solution is offered by Enzoic, providing real-time alerts for compromised data. As with any cybersecurity threat, a proactive, layered posture is the best defense.

The Rise of Infostealers:

Infostealers are a type of information-stealing malware, designed to steal data from infected devices. Unlike ransomware, which holds information hostage and demands a ransom, infostealers work silently, extracting data and then selling or publishing it on the Dark Web. Infostealers operate under a malware-as-a-service (MaaS) model, which allows attackers to extract data from compromised devices and then monetize the stolen information. Attackers might lease an infostealer from the Dark Web and then trick users into downloading and installing it by posing as legitimate software or free applications. The infostealer then infiltrates user devices and stealthily collects data from web browsers, email, social media accounts, cookies, crypto wallets, and gaming apps.

Infostealers focus on collecting a wide range of personally identifiable information (PII), including usernames, passwords, dates of birth, addresses, emails, credit card information, phone numbers, cookies, and more. The volume of stolen credentials for sale on the Dark Web from infostealers has grown significantly in recent years, highlighting the scale of the problem.


Attack Methods:

The delivery of infostealers often relies on social engineering tactics. Threat actors use various methods to entice users into downloading and running their malicious programs, including masquerading as free video games or anti-virus software, sending phishing emails with malicious attachments, or developing fake websites that mimic trusted organizations. Once the user falls for these tricks and runs the program, the infostealer copies data from system folders containing sensitive information. This data is then exfiltrated to remote servers and packaged into easily readable “logs” that can be sold to other threat actors or used to further compromise victims’ computers. While the primary targets are often personal computers, the vast amount of highly sensitive information at stake poses significant risks to organizations through their customers and employees.

The Shift to Targeting Enterprises:

Threat actors are increasingly targeting organizations, seeking to obtain proprietary information, customer databases, financial records, intellectual property, and trade secrets to sell on the Dark Web. The stolen credentials and data enable attackers to hijack sessions, bypass MFA, and gain unauthorized access to critical business information. The data is often sent to cybercriminals via third-party channels to preserve anonymity.

Infostealers primarily target autofills and password managers within web browsers. They can also steal files from device folders and cookies from other services like VPNs, Discord, or Telegram. In the US, 45 million people rely on browser-based password managers to protect their credentials online. The prevalence of password reuse exacerbates the problem, as exposed credentials can fuel credential stuffing and password-spraying attacks on other accounts and organizations. Furthermore, attackers can bypass MFA by using stolen cookies from victims’ browsers. This combination of factors means infostealers pose significant risks to organizations.

In fact, this year’s Blackberry Global Threat Intelligence Report lists infostealers as the most prominent threat to manufacturing, the most common risk faced by government agencies, and one of the top healthcare cyber concerns. The growth has been fueled both by the ease of use of MaaS and by the extremely high value of the exposed information (e.g. plaintext credentials, credit card information, ID numbers, etc.). Kaspersky found that almost a quarter (24%) of malware sold as a service is now infostealers. The lower barrier to entry enables threat actors with limited technical knowledge or capital to easily deploy the software to access networks.

Preventing Infostealer Attacks:

Infostealer attacks are challenging to prevent because they exploit human behavior, relying on social engineering tactics to convince users to download and install the malicious software. To mitigate this risk, organizations must proactively monitor and screen for compromised credentials and promote password best practices among their users. Since an organization cannot control what passwords individuals use for personal accounts on their own devices, it is extremely important that organizations proactively monitor and screen for credential compromise to reduce the exposure created by password reuse.
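As an added illustration of the credential screening described above (example code, not Enzoic's own service or API), the following Python shows one common way to check a password against a corpus of exposed credentials without ever sending the password itself: the client hashes locally and queries only a short hash prefix (the k-anonymity range pattern). The exposed-hash corpus and its counts are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple


def _sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the digest form used by range queries."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample corpus: SHA-1 of passwords known to be exposed -> times seen.
# A real screening service holds billions of such entries from breaches and logs.
EXPOSED_CORPUS: Dict[str, int] = {
    _sha1_hex("password123"): 4210,
    _sha1_hex("Summer2023!"): 37,
    _sha1_hex("letmein"): 18900,
}


def range_query(prefix: str) -> List[Tuple[str, int]]:
    """Server side: return (suffix, count) for every corpus hash sharing the
    5-character prefix. The server never sees the full hash or the password."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    prefix = prefix.upper()
    return [(h[5:], n) for h, n in EXPOSED_CORPUS.items() if h.startswith(prefix)]


def screen_password(password: str) -> int:
    """Client side: hash locally, send only the prefix, match the suffix locally.
    Returns how many times the password appears in exposed data (0 = not found)."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_query(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def enforce_policy(password: str, max_exposures: int = 0) -> str:
    """Reject a password that has been exposed more than the allowed number of times."""
    count = screen_password(password)
    if count > max_exposures:
        return f"reject: seen {count} times in exposed credential data"
    return "accept"


if __name__ == "__main__":
    for candidate in ("password123", "correct-horse-battery-staple-9z"):
        print(candidate, "->", enforce_policy(candidate))
```

The same prefix-only exchange is what lets an organization screen user passwords at login or password change against a continuously updated corpus without the plaintext leaving the client.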

Infostealers are on the rise, and they pose significant risks to individuals and organizations. Preventing infostealer attacks requires a proactive approach, including EDR, anti-malware, MFA, and continuous monitoring for compromised credentials. The threat landscape continues to evolve, making it crucial for organizations to stay vigilant and implement robust cybersecurity defenses.

The post Key Points from ‘Defending Against the Infostealer Threat’ appeared first on Enzoic.

*** This is a Security Bloggers Network syndicated blog from Blog | Enzoic authored by Enzoic. Read the original post at: https://www.enzoic.com/blog/key-points-from-the-infostealer-threat/