A surge in data-stealing malware incidents targeted nearly 10 million devices in 2023, with cybercriminals extracting an average of 50.9 login credentials per compromised device, according to a Kaspersky report. Those credentials are used for malicious purposes such as orchestrating cyberattacks or vending them on dark web forums and clandestine Telegram channels. The stolen credentials encompass a broad spectrum, ranging from social media logins to online banking services, crypto wallets, and corporate online platform logins.
The report highlighted the .com domain as the epicenter of compromised accounts, closely trailed by domain zones associated with Brazil (.br), India (.in), Colombia (.co) and Vietnam (.vn).
The data, sourced from Kaspersky Digital Footprint Intelligence, showed a massive 643 percent surge in malware over the past three years. That highlights the growing threat malware poses to both individual consumers and businesses worldwide. According to the report, 443,000 websites worldwide have grappled with compromised credentials over the past five years.
The information was derived from the monitoring of infostealer malware log files actively traded in underground markets. Other recent reports have found use of “hunter-killer” malware is also rising.
There was a nine percent decline in the number of log files and infections in 2023 compared to the preceding year.
The possibility of credentials compromised in 2023 surfacing on the dark web throughout the current year remains high, warned the report’s authors, potentially inflating the actual number of infections beyond the reported figure of 10 million.
Kaspersky projects the tally of infections in 2023 to hover around 16 million, based on its assessment of infostealer log file dynamics.
Concerning domain-specific statistics, the report noted the .com domain as the most embattled, with nearly 326 million logins and passwords compromised by infostealers in 2023. The .br domain for Brazil witnessed 29 million compromised accounts, trailed by .in (India) with 8 million, .co (Colombia) with nearly 6 million, and .vn (Vietnam) with over 5.5 million compromised accounts.
Patrick Tiquet, vice president of security and architecture at Keeper Security, cautioned that bad actors are incredibly driven and they have plenty of tools to fit the occasion. “These tools will continue to evolve, just as defensive tools do, with threat actors continuously refining their attacks to evade detection and utilizing new tools like AI to perform them at a larger scale,” Tiquet said.
One hallmark of a ransomware attack is that the cybercriminal infects as many things as possible to ensure they receive a payout.
Social engineering tactics are still a favored tool of bad actors. They manipulate users, either online or in person, and coerce them into divulging Personally Identifiable Information (PII) that can be used to access a computer network or assume someone else’s identity.
Narayana Pappu, CEO at Zendata, said access to financial information is usually the biggest motive for attack. Other reasons include using credentials from open systems to access another system/platform, implementing social engineering scams to gain access to information from trusted circles, and e-commerce scams where cybercriminals purchase items using your credentials.
Publicly available information (such as leaked or exposed passwords), found either on the dark web or in hacking forums, combined with social engineering, are common ways cybercriminals steal user information, Pappu added.
“Generative AI makes it easier to implement social engineering at scale and mimic people the end users trust,” Pappu said. “This includes fake voicemails, pictures or writing patterns.”
“We recommend all organizations, as well as individuals, implement a password manager and enforce the use of strong, unique passwords to stop attacks on the frontline,” Tiquet said.
A password manager can generate and store passwords for each account, which helps to mitigate password reuse and the accompanying cybersecurity risks that can lead to these damaging attacks. It can also help with identifying malicious URLs if the website asking for credentials does not match what’s stored in the user’s vault.
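As an added illustration of the URL check described above (example code written for this article, not code from Keeper Security or from the report), the snippet below matches the origin of a page requesting credentials against a constructed sample vault; the vault contents, hostnames and the `autofill_decision` helper are assumptions for the demo:

```python
from urllib.parse import urlsplit

# Constructed sample vault entries (not real credentials): each entry records
# the exact https origin on which the credential was saved.
VAULT = [
    {"site": "https://bank.example.com", "username": "alice"},
    {"site": "https://mail.example.org", "username": "alice@example.org"},
]

def normalize_origin(url):
    """Return (scheme, ascii_host, port) or None if the URL is not an https origin.

    Hosts are lower-cased and IDNA-encoded so a Unicode look-alike label
    compares as its punycode form rather than as the Latin host it imitates.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    try:
        host = parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    try:
        port = parts.port or 443  # explicit :443 and no port are the same origin
    except ValueError:            # non-numeric port in the URL
        return None
    return (parts.scheme, host, port)

def matching_entries(page_url, vault=VAULT):
    """Return vault entries whose saved origin exactly equals the page's origin.

    An empty result is the signal the article describes: the page asking for
    credentials is not the site they were saved for, so nothing is autofilled
    and the user gets a hint that the URL may be a look-alike.
    """
    origin = normalize_origin(page_url)
    if origin is None:
        return []
    return [e for e in vault if normalize_origin(e["site"]) == origin]

def autofill_decision(page_url, vault=VAULT):
    """Verdict string: usernames that may be filled, or a do-not-fill warning."""
    hits = matching_entries(page_url, vault)
    if hits:
        return "fill: " + ", ".join(e["username"] for e in hits)
    return "no match: do not autofill, URL differs from the saved site"

if __name__ == "__main__":
    for url in ("https://bank.example.com/login", "https://bank-example.com/login",
                "https://bank.example.com.evil.test/login", "http://bank.example.com/"):
        print(url, "->", autofill_decision(url))
```

Exact-origin matching is deliberately strict here; production managers usually relax it with a public-suffix list so sibling subdomains of the saved site still match.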
A privileged access management (PAM) platform is another solution that helps organizations manage and secure privileged credentials and enforce least privilege access. A PAM solution works by tightly monitoring access and activity in privileged accounts while also maintaining regulatory compliance requirements. It also prevents privileged users from misusing their access, which reduces cyber risks. If a cybercriminal gains access to an organization’s networks, PAM platforms can minimize the blast radius by preventing lateral movement.
Another important measure to protect data and mitigate the damage of any cyber-attack is to regularly back up data to the cloud.
Ransomware encrypts vital business data with an encryption key that the attacker retains, making the data unavailable to the victim. The victim is then forced to make the incredibly difficult decision of paying the ransom to regain access to the key and the data, or potentially lose access to the data forever. “By having a backup, the victim can restore data without having to pay a ransom,” Tiquet said. “However, education is equally important.”
As cyber threats continue infiltrating our online experience, Tiquet said, it is imperative that everyone stay abreast of the latest threats, always think before they click and practice good cyber hygiene.