Data-stealing malware incidents skyrocketed in 2023, with nearly 10 million devices targeted and cybercriminals extracting an average of 50.9 login credentials per compromised device, according to a Kaspersky report. These credentials are used for malicious purposes such as organizing cyber-attacks and selling them on dark web forums and secret Telegram channels. Stolen credentials range from social media logins to online banking services, cryptocurrency wallets, and corporate online platform logins.
The report highlights .com domains as the epicenter of account compromises, followed by domain zones related to Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn).
Data provided by Kaspersky Digital Footprint Intelligence shows a significant 643% increase in malware over the past three years. This highlights the growing threat that malware poses to both individual consumers and businesses around the world. According to the report, 443,000 websites around the world have dealt with credential breaches in the past five years.
This information was obtained from monitoring Infostealer malware log files that are actively traded in the underground market. Other recent reports have also found an increase in the use of “hunter-killer” malware.
In 2023, the number of log files and infections decreased by 9% compared to the previous year.
The report's authors warn that credentials leaked in 2023 are likely to keep appearing on the dark web throughout this year, and the actual number of infections could rise beyond the reported 10 million.
Infection rate expected to increase
Based on an assessment of the dynamics of Infostealer log files, Kaspersky Lab predicts that approximately 16 million people will be infected in 2023.
In terms of domain-specific statistics, the report notes that .com domains were hit hardest, with approximately 326 million logins and passwords compromised by infostealers in 2023. The Brazilian .br domain had 29 million compromised accounts, followed by .in (India) with 8 million, .co (Colombia) with nearly 6 million, and .vn (Vietnam) with over 5.5 million.
Patrick Tiquet, vice president of security and architecture at Keeper Security, warned that malicious actors are incredibly motivated and have a wealth of tools to adapt to the situation. “Like defensive tools, these tools will continue to evolve. Attackers will continue to refine their attacks to evade detection and leverage new tools such as AI to carry out attacks at scale,” Tiquet said.
One of the characteristics of ransomware attacks is that cybercriminals infect as many things as possible to ensure they receive their reward.
Social engineering tactics remain a favorite tool of bad actors. They manipulate users online or in person and force them to divulge personally identifying information (PII) that can be used to access their computer networks or to misrepresent someone else's identity.
Zendata CEO Narayana Pappu said access to financial information is typically the biggest motivator for attacks. Other reasons include using open system credentials to access another system/platform, performing social engineering fraud to access information from trusted circles, and e-commerce fraud, in which cybercriminals use the credentials to purchase items.
Pappu added that a common way for cybercriminals to steal user information is to use publicly available information on the dark web or hacking forums, such as leaked or exposed passwords, combined with social engineering.
“Generative AI makes it easier to implement social engineering at scale and imitate people that end users trust,” says Pappu. “This includes things like fake voicemails, photos, and text patterns.”
Password managers, PAM in defensive tactics
“We encourage all organizations, not just individuals, to deploy password managers and enforce strong, unique passwords to thwart attacks on the front lines,” Tiquet said.
Password managers can generate and store passwords for each account, reducing password reuse and the accompanying cybersecurity risks that can lead to these harmful attacks. It also helps identify malicious URLs when the website requesting credentials doesn't match what's stored in the user's vault.
Privileged Access Management (PAM) platforms are another solution that helps organizations manage and protect privileged credentials and enforce least-privilege access. PAM solutions work by closely monitoring privileged account access and activity while also maintaining regulatory compliance requirements. It also prevents misuse of access by privileged users and reduces cyber risk. When cybercriminals gain access to an organization's network, a PAM platform can minimize the attack surface by preventing lateral movement.
Another important measure to protect your data and reduce the damage from cyber-attacks is to regularly back up your data to the cloud.
Ransomware encrypts critical business data using encryption keys held by the attacker, making the data unavailable to victims. Victims are forced to make an incredibly difficult decision: pay the ransom to regain access to their keys and data, or potentially lose access to their data forever. “With backups, victims can restore their data without paying a ransom,” Tiquet said. “But education is just as important.”
As cyberthreats continue to infiltrate our online experiences, it's imperative that everyone stays up to date with the latest threats, always thinks before they click, and practices good cyber hygiene, Tiquet said.