Page 130 - Cyber Defense eMagazine June 2024

Infostealer malware poses a considerable threat since it can exfiltrate large volumes of high-quality data in seconds. Typically sold as malware-as-a-service, or MaaS, these stealers are often bundled with services aimed at making the malware harder to detect by antivirus and other endpoint security solutions. This ability to bypass these solutions can leave little to no trace of the bad actor's existence on a victim's device, and few network-based indicators to pursue. SpyCloud found that in 2023 alone, the average digital identity had a 1 in 5 chance of already being a victim of an infostealer malware infection.

            The sheer volume and diversity of infostealer families active on the darknet further exacerbate the threat.
            More than 52 infostealer families were active on the darknet in 2023, with four entirely new families
            discovered in the last quarter of the year.

            That said, it's not just the scale of these attacks that poses a risk to users; it's also the nature of the
            targeted data. In the current cyber landscape, safeguarding against increasingly sophisticated identity
            threats requires a new approach.



            Next-generation protections

Current malware remediation strategies focus on addressing malware-compromised devices but neglect valuable identity data like session cookies and other PII already exposed on the darknet. If not remediated, criminals will sell or trade this data on the darknet to facilitate additional cybercrimes long after devices have been wiped.

            Organizations need a robust post-infection remediation strategy that addresses and accounts for data
            stolen in an attack. By proactively monitoring the darknet for compromised data, organizations can get a
            more holistic look at their attack surface. Security teams can then force users to reset exposed data, such
            as session cookies, and cut off criminals' entry points before they can cause harm.
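The remediation step described above, turned into code as an added illustration (this is not SpyCloud's code or any product's API): an exposure feed that carries fingerprints of stolen session cookies is matched against the active session store, and every session of an affected user is revoked and the user queued for a credential reset. The `Session` store, the feed format and the sample records are all constructed for this example. Matching on a SHA-256 fingerprint rather than the raw cookie value is a design choice here so that raw tokens never have to be shared with the monitoring side.

```python
"""Identity-centric post-infection remediation (illustrative example).

Added example, not code from the article or from SpyCloud. The session store,
the exposure feed and all sample values below are constructed for this demo.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Session:
    session_id: str          # raw cookie value as issued to the browser
    user: str
    issued_at: datetime
    active: bool = True


@dataclass
class RemediationReport:
    revoked_sessions: list = field(default_factory=list)
    users_to_reset: set = field(default_factory=set)


def fingerprint(token: str) -> str:
    """SHA-256 of a cookie value. The exposure feed carries these fingerprints,
    so the raw session token never has to leave the session store."""
    return hashlib.sha256(token.encode()).hexdigest()


def remediate_exposures(sessions, exposed_fingerprints):
    """Revoke every session of any user whose cookie appears in the feed.

    A stealer exports the whole browser profile, so one matching cookie means
    the user's other live sessions are suspect as well: all of them are revoked
    (cutting off the criminal's entry point) and the user is queued for a reset
    of the exposed credentials.
    """
    report = RemediationReport()
    exposed = set(exposed_fingerprints)
    compromised_users = {
        s.user for s in sessions if fingerprint(s.session_id) in exposed
    }
    for s in sessions:
        if s.user in compromised_users and s.active:
            s.active = False
            report.revoked_sessions.append(s.session_id)
    report.users_to_reset.update(compromised_users)
    return report


def run_demo():
    """Constructed sample: two sessions for alice, one for bob; only one of
    alice's cookies shows up in the (constructed) exposure feed."""
    t0 = datetime(2024, 6, 1, tzinfo=timezone.utc)
    sessions = [
        Session("sess-a1", "alice", t0),
        Session("sess-a2", "alice", t0),
        Session("sess-b1", "bob", t0),
    ]
    exposed_feed = [fingerprint("sess-a1")]   # constructed feed entry
    report = remediate_exposures(sessions, exposed_feed)
    for s in sessions:
        print(f"{s.session_id:8} {s.user:6} active={s.active}")
    print("users to reset:", sorted(report.users_to_reset))
    return report


if __name__ == "__main__":
    run_demo()
```

In a real deployment the feed lookup would run on a schedule against the identity provider's session table, and the reset step would trigger the IdP's own credential-reset and re-authentication flow; the example keeps both as in-memory structures so it runs offline.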

IT teams must prioritize solutions offering heightened visibility that tackle security vulnerabilities stemming from malware. By shifting from a device-centric to identity-centric malware remediation strategy, security teams can proactively mitigate the risks of infostealer malware, preserving brand reputation and companies' bottom line.



            About the Author

            Trevor is the Vice President of SpyCloud Labs. Trevor served nine years in the
            U.S. Army and has an extensive background in federal law enforcement, tracking
            threat actors for both the DoD and FBI. He is a member of the Joint Ransomware
            Task Force and serves in an advisory capacity for multiple cybersecurity-focused
            non-profits. He has spoken at numerous US and international cyber conferences,
            holds multiple federal and industry certifications in the field of cybersecurity, and
            is a recipient of the President's Volunteer Service Award for volunteer service
            aimed at countering cyber threats.

            Trevor can be reached online at SpyCloud’s website https://spycloud.com/




Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.