Black Arrow Cyber Insight 25 April 2024 – Understanding Infostealers: The Malicious Software Targeting Your Information
Executive summary
A recent report conducted by Kaspersky found that nearly 10 million devices fell victim to data-stealing malware, also known as “InfoStealers” in 2023. Put simply, an InfoStealer is malware that is built to collect and transmit sensitive information to unauthorised parties. Once stolen and transmitted, this information can be used or sold. Unlike ransomware, which often announces its presence with dramatic demands, infostealers operate in the shadows, harvesting your information.
What’s the risk?
Due to the sensitive nature of the information sought by InfoStealers, there is a genuine risk to the confidentiality of data. The data sought by an InfoStealer can include credentials, financial information, cookies, MFA tokens, text files, and machine information. The list of potential targets is extensive, especially so with many employees storing their credentials on personal devices. In a recent report, Mandiant, which is owned by Google, found that 10% of intrusions began with evidence of stolen credentials.
Infostealers can be delivered in a variety of ways, including through malicious attachments, unofficial software downloads and compromised websites. InfoStealers often try to disguise themselves as legitimate, in some cases tricking a victim in to running them and keeping them on their device. Anti-virus is not enough to stop them.
What can I do?
Mitigating the threat of InfoStealers requires practicing robust cyber hygiene. Organisations should adhere to leading practices, including downloading software exclusively from official sources, exercising caution with email links and attachments and maintaining visibility of the software ecosystem within their corporate environment.
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity