Credential Stuffing Surge Targets Businesses and Individuals.
The recent surge in credential stuffing attacks highlighted by Okta serves as a stark reminder of the importance of robust cyber security practices. These attacks…
Information-stealing malware sees spike in popularity
Researchers at Accenture’s Cyber Threat Intelligence team have written a report documenting a surge in the popularity of information stealing (infostealer) malware on the dark web.
The spike in infostealer’s popularity is not only down to the ability to harvest usernames and passwords from infected devices but is also because of the malware’s ability to harvest cookie data, which can allow threat actors to bypass multi-factor authentication (MFA). The rise is also due to the popularity of compromised credential marketplaces, where threat actors can buy and sell stolen credentials. The researchers noted that there had been an increase in the number of credentials for sale between July and October 2022, with one of the most popular sites seeing a 40% increase in sales in that time – jumping from 3.3 million to 4.5 million logs available for sale.
The researchers were also able to document the infostealing malware most seen in attacks between July and October 2022, with the malware variant RedLine being used the most by threat actors.
Preventions:
Malware can pose a significant risk to individual devices, organisations, networks, and services. Some types of malware are designed to look for other devices connected to the network of the host device to infect. This may be not only laptops and PCs but also servers and internet-of-things devices. An infected device brought into a work environment can pose a significant security risk and could allow malicious users into your network.
To protect your organisation against malware:
- Ensure that a system administrator must approve any new software before being downloaded
- Keep your antivirus turned on and updated on all work devices
- Regularly check that all your devices and software are on the latest updates
- Limit the use of USB drives within your organisation. You can do this by blocking access to physical USB ports to most users, as well as by only allowing approved drives to be used with your organisation’s devices (and nowhere else)
- Educate staff on the dangers of malware and where it can originate from, such as from phishing emails or malicious or compromised websites.
- Use a non-administrator account for day-to-day activities – only use admin accounts for administrative purposes on your network
Related Links:
https://www.accenture.com/us-en/blogs/security/information-stealer-malware-on-dark-web – Published 5th of December
https://www.cybersecuritydive.com/news/infostealer-malware-surge-dark-web-mfa-fatigue-attacks/637977/ – Published 5th of December
Related articles
Cisco Firewall Vulnerabilities: Urgent Action Needed to Protect Against State-Sponsored Espionage
Businesses and organisations relying on Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) firewalls are being advised to take immediate action to protect…
Cybercriminals Threaten Release of Sensitive World-Check Database
A recent cyber attack has resulted in a serious data breach affecting the World-Check database, a critical tool used by financial institutions and other organisations…