Infostealer Malware Fuels the Cybercriminal Underground

Infostealer malware is a dangerous trend, enabling initial access brokers to sell stolen authentication data to other criminals.

Alyse Burnside, Contributor

March 16, 2023


Each year, cybercrime analytics company SpyCloud investigates data collected on identity exposure and cybercrime from the year before. SpyCloud’s latest annual Identity Exposure Report identified, among other things, more than 721 million exposed credentials and 22 million unique devices infected with malware in 2022.

Below is a summary of the top trends identified in SpyCloud’s report.

Infostealer Malware Has Led to Increased Credential Exposure

Consistent with prior reports, stolen credentials remain a leading factor in cybersecurity incidents, figuring in 45% of data breaches not attributable to error or misuse.

In a shift from prior years, attackers in 2022 moved from traditional account takeover tactics, such as credential stuffing with username and password pairs from combo lists, to infostealer malware that lifts authentication data directly from infected devices and browsers. Infostealers frequently evade antimalware detection, are easy to deploy, and have a high success rate. They are also cheap, with infostealer malware offered for as little as $200 to $300.

The SpyCloud report also indicates that of the 721.5 million credentials exposed, nearly half came from botnets: networks of malware-infected devices under an attacker's control, used to siphon credentials, cookies, and other data needed to impersonate users.


“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like initial access brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said SpyCloud director of security research Trevor Hilligoss in a press release.


“Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime,” Hilligoss added. “This broker-operator partnership is a lucrative business with a relatively low cost of entry.” 

As infostealer logs containing browser and device data pile up in the criminal underground, buyers gain the raw material to emulate a victim's device fingerprint, replay stolen cookies past authentication checks, and enter systems without raising alerts.
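The replay the report describes, shown as an added example that is not part of the article or of SpyCloud's work: a session cookie lifted from a stealer log is presented back to the site, first from the attacker's own browser and then with the victim's user agent, language and network copied from the same log. The session store, the fingerprint scheme, the /24 network check and every record and address below are constructed for illustration.

```python
"""Added example (not from the article or from SpyCloud): replaying a session
cookie taken from an infostealer log, and what a server-side device-binding
check does and does not catch. All names, records and addresses are constructed."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    user: str
    fingerprint: str  # hash of client attributes observed at login
    network: str      # /24 prefix of the login IP (a simplification)


def ip_prefix(ip: str) -> str:
    """Reduce an IPv4 address to its /24 prefix for a coarse network check."""
    return ".".join(ip.split(".")[:3])


def client_fingerprint(user_agent: str, accept_language: str) -> str:
    """Hash the client attributes a stealer also captures alongside cookies."""
    return hashlib.sha256(f"{user_agent}|{accept_language}".encode()).hexdigest()


class SessionStore:
    """Server-side sessions bound to the fingerprint and network seen at login."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, user_agent: str, accept_language: str, ip: str) -> str:
        token = secrets.token_urlsafe(32)  # the value a stealer exfiltrates
        self._sessions[token] = Session(
            user, client_fingerprint(user_agent, accept_language), ip_prefix(ip)
        )
        return token

    def authenticate(self, token: str, user_agent: str, accept_language: str,
                     ip: str) -> Tuple[Optional[str], str]:
        """Return (user, reason). Anything but 'ok' should force re-authentication."""
        s = self._sessions.get(token)
        if s is None:
            return None, "unknown_token"
        if s.fingerprint != client_fingerprint(user_agent, accept_language):
            return None, "fingerprint_mismatch"
        if s.network != ip_prefix(ip):
            return None, "network_mismatch"
        return s.user, "ok"


# Constructed client contexts (documentation-range addresses).
VICTIM = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/110.0",
    "accept_language": "en-US,en;q=0.9",
    "ip": "203.0.113.45",
}
ATTACKER = {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/110.0",
    "accept_language": "ru-RU,ru;q=0.9",
    "ip": "198.51.100.7",
}


def simulate() -> Dict[str, str]:
    """Present one stolen cookie in four ways and return the server's verdicts."""
    store = SessionStore()
    cookie = store.login("alice", **VICTIM)
    # Constructed stealer-log record: the cookie plus the context it was seen in.
    log = {"cookie": cookie, **VICTIM}

    results: Dict[str, str] = {}
    results["victim"] = store.authenticate(cookie, **VICTIM)[1]
    # Attacker pastes the cookie into their own browser: the binding catches it.
    results["naive_replay"] = store.authenticate(log["cookie"], **ATTACKER)[1]
    # Attacker also copies the user agent and language from the log.
    cloned = {**ATTACKER, "user_agent": log["user_agent"],
              "accept_language": log["accept_language"]}
    results["cloned_fingerprint"] = store.authenticate(log["cookie"], **cloned)[1]
    # ...and routes through a proxy inside the victim's /24: the check is bypassed.
    proxied = {**cloned, "ip": "203.0.113.200"}
    results["cloned_fingerprint_and_network"] = store.authenticate(log["cookie"], **proxied)[1]
    return results


if __name__ == "__main__":
    for scenario, verdict in simulate().items():
        print(f"{scenario:32s} {verdict}")
```

Binding a session to observable client attributes stops the careless replay but not the one that copies the context the stealer captured next to the cookie, which is exactly the fingerprint emulation the report warns about. Compensating controls are short session lifetimes, re-authentication for sensitive actions, and credentials bound to a key held on the device rather than to attributes an attacker can read out of a log.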

Password Hygiene Remains a Problem

Endpoint security products reported a spike in malware attempts in 2022, nearly 4 billion in total. One factor behind the frequency and success of these attacks is the high rate of password reuse.

Despite organizational efforts to educate users on password hygiene, people still commonly use celebrity names and pop-culture references as passwords. Among the most popular passwords recaptured in 2022 were Bennifer, Hulu, Ukraine, and Queen Elizabeth, SpyCloud said.
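One practical response to recaptured passwords is to check users' passwords against a breach list without sending the password anywhere. The following is an added example, not code from the article or from SpyCloud: it implements the SHA-1 five-character-prefix range scheme used by Have I Been Pwned's Pwned Passwords API against a small constructed corpus, so it runs offline. The corpus, its exposure counts and the audited accounts are all made up for illustration.

```python
"""Added example (not from the article or from SpyCloud): a k-anonymity check of
passwords against a recaptured-password corpus. The client hashes the password,
sends only the first five hex characters of the SHA-1, and matches the suffix
locally, so the server never learns the password or its full hash."""
import hashlib
from typing import Dict, List, Tuple

# Constructed corpus of recaptured passwords with invented exposure counts;
# the entries mirror the kinds of passwords the report lists.
RECAPTURED: Dict[str, int] = {
    "Bennifer": 5,
    "Hulu": 3,
    "Ukraine": 7,
    "QueenElizabeth": 2,
    "hunter2": 9,
}

RangeIndex = Dict[str, List[Tuple[str, int]]]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the digest format the range scheme uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Dict[str, int]) -> RangeIndex:
    """Group hashes by their first five hex characters, as a range server does."""
    index: RangeIndex = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append((digest[5:], count))
    return index


def range_query(index: RangeIndex, prefix: str) -> List[Tuple[str, int]]:
    """Server side: learns only the prefix and returns every (suffix, count) under it."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return index.get(prefix.upper(), [])


def exposure_count(index: RangeIndex, password: str) -> int:
    """Client side: query by prefix, match the suffix locally. 0 means not found."""
    digest = sha1_hex(password)
    for suffix, count in range_query(index, digest[:5]):
        if suffix == digest[5:]:
            return count
    return 0


def audit_accounts(index: RangeIndex, accounts: Dict[str, str]) -> Dict[str, int]:
    """Flag accounts whose password appears in the corpus; returns user -> count.

    `accounts` maps user to plaintext password and stands in for the check a
    password-change flow would run before accepting a new password."""
    flagged: Dict[str, int] = {}
    for user, pw in accounts.items():
        n = exposure_count(index, pw)
        if n:
            flagged[user] = n
    return flagged


if __name__ == "__main__":
    idx = build_range_index(RECAPTURED)
    # Constructed accounts to audit.
    sample = {"alice": "Ukraine", "bob": "x7!Qm2#vLp9", "carol": "Hulu"}
    for user, n in audit_accounts(idx, sample).items():
        print(f"{user}: password seen {n} times in the corpus")
```

The lookup is exact, so case variants and appended digits count as separate corpus entries; a production check should also reject the common variants of a flagged password, and the corpus itself would be the vendor's feed or a downloaded range file rather than the dictionary above.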


Government Sector Remains at High Risk for Malware

According to SpyCloud, the government sector is more exposed to malware-infected devices than the enterprise sector: 74% of exposed government credentials were exfiltrated by malware. The year also brought more data breaches, with SpyCloud finding 695 breaches associated with .gov email addresses.

About the Author(s)

Alyse Burnside

Contributor, ITPro Today

Alyse Burnside is a writer and editor living in Brooklyn. She is working on a collection of personal essays about queerness, visibility, and the hyperreal. She's especially interested in writing about cybersecurity, AI, machine learning, VR, AR, and ER.
