The Hackers’ big temptation
Infostealers are extremely tempting to the bad guys. In fact, data from recent studies and reports shows a considerable proliferation of infostealers in recent years.
But…what is an infostealer?
- It acts as a backdoor into a company’s corporate network.
- It is malware controlled remotely by criminals.
- It is designed to steal a lot in a short time. What does it steal? Credentials, messages, documents and any other data on an infected device. It can even take screenshots at any time.
- Infostealers started circulating and being sold on the dark web in the last few years.
How are they different from a virus?
- The goal of an infostealer is to capture as much data as it can from your computer and relay it to the botnet’s command and control servers (a botnet is a network of infected devices).
- The second major difference is that, although many viruses have very obvious symptoms (poor computer performance, frequent crashes, etc.), infostealers are increasingly adept at acting “unseen”. Often, all of this happens without the user of the machine knowing that anything is wrong.
This threat continues to grow, and infostealers are becoming increasingly sophisticated. In other words, criminals can steal and maliciously exploit personal, private and corporate data with increasing ease. The result: most medium-sized and large organizations suffer from recurring infostealer infections.
As the use of infostealers, botnets and the circulation of sensitive personal data increases, it is critical to understand how risks involving the human factor (the weakest link in a company’s security chain) become weapons to compromise entire organizations.
Patterns and trends in botnets and infostealers
- Personal, home and non-enterprise devices are exploited as gateways to administrator accounts and corporate networks. The rise of digitization, connected devices, and the proliferation of remote work has made this attack vector challenging for many IT departments. In many cases, we find that the infected device is a home computer outside of the corporate infrastructure. Companies may not think this is relevant. However, analysis of the data exposed by infostealers reveals that cybercriminals frequently access corporate networks via VPNs or intranets. It is evident that COVID-19 and the need to work from home have been a key factor in the proliferation of this risk.
- The volume of credentials exposed by infections is extremely high. The number of technical and security user credentials can be staggering, ranging from 500 to over 2,000 credentials in some cases. Hundreds of corporate logins have been identified, and dozens of them included admin or root users in a single user exposure. These credentials are stored in browsers that are often synchronized with other computers and phones. The leaked information often includes large volumes of credentials, confidential documents, wallets, credit cards and cookies. Leaking this sensitive data stored in browsers and on devices means that high-risk information, including financial account logins, banking and banking-app credentials (PayPal, Venmo, etc.) and sensitive cryptocurrency data, can be compromised through this threat, even if many services use two-factor authentication.
- Software downloads are a key entry point for infostealers. Many infections come from software downloads, software cracking tools and technology tools. I’m sure we all have personal experience: when installing a new program or app, we are asked to briefly deactivate our antivirus or some security requirement. For this reason, we are finding several infected technical and even security profiles. In some cases, we have detected infections from network administrators who are evaluating or playing with technology tools. While personal and home devices have traditionally been most at risk, hybrid and remote work systems involve remote access for DevOps and many other types of profiles. These factors create situations where even bad actors inadvertently infect their own devices and networks with botnets.
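The points above describe what an infostealer harvests (browser-saved logins, cookies, wallets) and how quietly it does so. One practical defensive check is to watch for a process that is not a browser reading the browser’s credential and cookie stores. The script below is an added example, not code from the original article or from I am Sally; the log line layout, the file names treated as sensitive stores, the browser executable allow-list and the sample events are all assumptions constructed for illustration.

```python
"""Flag non-browser processes reading browser credential or cookie stores.

Added example (not from the original article). The event format below is a
generic, assumed endpoint file-access log; the store names and the list of
browsers expected to read them are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass

# Files an infostealer typically reads to harvest saved logins and session
# cookies (Chromium-based browsers and Firefox). Assumed list.
SENSITIVE_STORES = (
    "Login Data", "Cookies", "Web Data",          # Chromium family
    "logins.json", "cookies.sqlite", "key4.db",   # Firefox
)

# Processes that legitimately open those stores. Assumed allow-list.
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Assumed log line: <timestamp> pid=<n> image="<exe path>" op=<read|write> path="<file>"
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) image="(?P<image>[^"]+)" '
    r'op=(?P<op>\w+) path="(?P<path>[^"]+)"$'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    pid: int
    image: str
    store: str
    path: str


def parse_event(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    return ev


def _basename(path):
    # Normalise Windows and POSIX separators and return the last component.
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def store_name(path):
    """Return the sensitive store a path points at, or None."""
    base = _basename(path)
    return base if base in SENSITIVE_STORES else None


def detect(lines):
    """Return an Alert for every read of a sensitive store by a non-browser."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["op"] != "read":
            continue
        store = store_name(ev["path"])
        if store is None:
            continue
        if _basename(ev["image"]).lower() in EXPECTED_READERS:
            continue  # a browser reading its own store is expected
        alerts.append(Alert(ev["ts"], ev["pid"], ev["image"], store, ev["path"]))
    return alerts


def suspicious_processes(alerts, min_stores=2):
    """Group alerts by pid; one process touching several stores is the
    typical infostealer pattern rather than a one-off false positive."""
    by_pid = {}
    for a in alerts:
        by_pid.setdefault(a.pid, set()).add(a.store)
    return {pid: stores for pid, stores in by_pid.items() if len(stores) >= min_stores}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r'2024-05-02T09:14:01Z pid=1320 image="C:\Program Files\Google\Chrome\Application\chrome.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'2024-05-02T09:14:03Z pid=4412 image="C:\Users\alice\AppData\Local\Temp\setup_crack.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'2024-05-02T09:14:03Z pid=4412 image="C:\Users\alice\AppData\Local\Temp\setup_crack.exe" op=read path="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"',
    r'2024-05-02T09:14:04Z pid=4412 image="C:\Users\alice\AppData\Local\Temp\setup_crack.exe" op=read path="C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"',
    r'2024-05-02T09:14:05Z pid=2210 image="C:\Windows\explorer.exe" op=read path="C:\Users\alice\Documents\report.docx"',
    r'2024-05-02T09:14:06Z pid=3801 image="C:\Program Files\Mozilla Firefox\firefox.exe" op=read path="C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\key4.db"',
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.ts} pid={a.pid} {a.image} read {a.store}")
    print("processes touching multiple stores:", suspicious_processes(found))
```

On the sample data the two browsers reading their own stores are ignored and the single unknown executable dropped into a Temp folder is flagged three times, once per store; `suspicious_processes` then collapses those into one finding. In a real deployment the allow-list should be tightened to signed binaries at known paths, since a stealer can simply name itself after a browser.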
Recommendations? We’ll leave those for another article in the coming weeks. However, education and training to increase personal awareness are a must. Educate yourself and your employees on the latest cybersecurity threats and best practices. Conduct regular security awareness training sessions to help them recognize and avoid potential cyber threats. Develop and implement clear security policies, guidelines and procedures for your organization.
If you need more information, check out I am Sally services. First of all, we can tell you in a short time if any of your devices are infected, which one and since when. We can tell you what information has already been leaked and is circulating on the dark web. And we can help you by constantly monitoring all your employees on a personalized basis. We work to give you peace of mind.