The Growing Threat of Infostealer Malware: Uncovering the Key Drivers


Key Takeaways

  • Infostealer malware is a growing problem for cyber security teams, with 28,000 instances of stolen FTSE 100 employee credentials found in infostealer logs.
  • The blurred line between corporate and personal IT is a major contributor to the spread of infostealer malware.
  • Weak passwords and password reuse are significant risks, with more than half of FTSE 100 companies having at least one instance of an employee credential with a weak password.
  • A multi-layered approach to protection is recommended, including employee education, password managers, multi-factor authentication, and proactive threat exposure monitoring.

Introduction to Infostealer Malware
Infostealer malware is a type of malware designed to exfiltrate user credentials, browser data, messages, documents, images, and device information. This type of malware is becoming increasingly widespread, as cyber criminals would rather log in than hack in. By stealing sensitive information, cyber criminals can bypass multi-factor authentication, take over accounts, commit fraud, craft better phishing campaigns, or sell the data to the highest bidder on the dark web. Infostealer malware is a significant problem for cyber security teams, and the data suggests that attacks have the potential to cause significant damage to businesses.

The Scale of the Problem
A recent analysis of the digital footprint of the UK’s biggest companies found 28,000 instances of stolen FTSE 100 employee credentials that had been leaked in infostealer logs. This is a concerning number, especially considering that these companies have the budgets and tools to be the most secure. Despite their resources, they remain vulnerable to infostealer malware. This raises a critical point: if industry leaders are struggling to manage their threat exposure, small and medium-sized businesses must face similar challenges. Lax security policies are creating the perfect conditions for infostealer attacks to thrive, and that is a significant concern.

Contributing Factors
One of the major reasons that infostealer malware has been allowed to flourish is the blurred line between corporate and personal IT. Employees are using their work devices, accounts, and applications at home and for personal use, and they are using their personal devices for work tasks. This creates a significant risk, as infected devices or accounts can easily spread malware to corporate systems. A surprisingly common source of infostealer malware is video games, specifically infected mods for popular games like Roblox, Fortnite, and Grand Theft Auto. If an employee is using a device to check their work emails and access sensitive documents, while also using the device for gaming, that poses a significant risk.

Weak Passwords and Password Reuse
The threat of infostealer malware is being made even worse because employees continue to use the same weak passwords across all their accounts. Research showed that more than half of FTSE 100 companies had at least one instance of an employee credential where the password was simply ‘password’. Likewise, these weak passwords or slight variations are often recycled across services used for business and personal purposes. If malware captures a login for one site, criminals will often test that password elsewhere, potentially unlocking a treasure trove of additional data they can use to further their objectives. This highlights the importance of educating employees on password hygiene and implementing password managers to help generate and store unique, strong passwords.

Recommended Actions
To protect against the risks of infostealer malware, it is beneficial to take a multi-layered approach. This means looking at ways to prevent leaks, while also ensuring the business is resilient if leaks do occur, which they inevitably will at some point. Following NCSC guidance is a good starting point; this might include employee education on password hygiene and the rollout of password managers. Implementing multi-factor authentication across the board, ideally using phishing-resistant options like passkeys, is also recommended. Reviewing how personal devices and applications are managed is also crucial, as these are common entry points for malware. Updating BYOD policies and implementing conditional access policies that block users from accessing corporate resources based on factors such as device compliance and risk level are also recommended.
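As an added illustration (not code from the original article), the triage below takes constructed credential records in a hypothetical parsed-log shape and flags the two problems described in this section and the previous one: corporate accounts whose password is ‘password’ or a slight variation of it, and passwords that a corporate account shares with other work or personal services. The field names, domains and deny-list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in the shape of a parsed credential export
# (hypothetical field names, not any real stealer's log format).
SAMPLE_RECORDS = [
    {"url": "https://mail.example.com/login", "user": "alice@example.com", "password": "password"},
    {"url": "https://hr.example.com/", "user": "alice@example.com", "password": "Password1!"},
    {"url": "https://mods.gamesite.test/", "user": "alice@example.com", "password": "Password1!"},
    {"url": "https://vpn.example.com/", "user": "bob@example.com", "password": "Xk7#pLq9!vR2mZ"},
    {"url": "https://shop.retailer.test/", "user": "bob@personal.test", "password": "Xk7#pLq9!vR2mZ"},
]

CORPORATE_DOMAINS = {"example.com"}  # assumption: the domains the business owns
DENY_LIST = {"password", "welcome", "letmein", "qwerty"}  # small constructed list

def is_corporate(user):
    return user.rsplit("@", 1)[-1].lower() in CORPORATE_DOMAINS

def normalize(password):
    """Collapse the 'slight variations' employees recycle: case, trailing
    digits/symbols (Password1!, password2024) and a few leet substitutions."""
    p = re.sub(r"[^a-z]+$", "", password.lower())
    return p.translate(str.maketrans("@$013", "asoie"))

def is_weak(password):
    return len(password) < 8 or normalize(password) in DENY_LIST

def host_of(url):
    return url.split("//", 1)[-1].split("/", 1)[0].lower()

def triage(records):
    """Return findings: corporate credentials with weak passwords, and passwords
    a corporate account shares with other services (work or personal)."""
    findings = []
    by_password = defaultdict(list)  # normalized password -> [(user, host)]
    for r in records:
        host = host_of(r["url"])
        if is_corporate(r["user"]) and is_weak(r["password"]):
            findings.append({"type": "weak", "user": r["user"], "host": host})
        by_password[normalize(r["password"])].append((r["user"], host))
    for group in by_password.values():
        corp = sorted({u for u, _ in group if is_corporate(u)})
        hosts = sorted({h for _, h in group})
        if corp and len(hosts) > 1:  # same password seen on more than one service
            findings.append({"type": "reuse", "user": ",".join(corp), "host": ",".join(hosts)})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f['type']:5} {f['user']:<35} {f['host']}")
```

Each finding is a concrete reset-and-notify action for the account named; the reuse finding for bob shows a corporate password also used on a personal shop, which is exactly the cross-over risk the article describes.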

Final Thoughts
The threat of leaked credentials and infostealer malware might seem daunting, but there are definitive actions businesses can take to minimize the risk. This starts with acknowledging just how widespread this threat has become. Cyber criminals would rather log in than hack in, so it is essential to stop handing them the keys and making their job as simple as turning a lock. By taking a proactive approach to security, businesses can reduce the risk of infostealer malware and protect their sensitive information. This requires a combination of employee education, technical controls, and proactive monitoring, but the benefits of a secure business far outweigh the costs of implementing these measures.
