Debunking the Myths: Why Your Devices Aren’t Safe from ATO and Other Threats Due to Infostealers

Today, organizations rely on devices for almost everything. This makes keeping them secure truly critical. Yet, malware like information stealers (infostealers) poses an all-too-common and constant threat of account takeover (ATO), business email compromise (BEC) and more. 

Earlier this month, for example, an employee device infected with infostealing malware resulted in a ransomware attack against Change Healthcare. The end result? Devastating business disruption and a ransom payment of $22 million.

There’s a surprising amount of misinformation about infostealers – how prevalent they are, how exposed organizational devices really are, and the clear and present dangers to reputation, revenues and even business continuity these threats pose. This guide will clear up these misconceptions, debunk some prevalent myths, and provide a clearer picture of the real dangers.

What are infostealers?

Infostealers are a type of malware designed specifically to extract sensitive information from compromised systems. They steal personal, financial, and business data like passwords, credit card details, and other confidential information. Once harvested, this data is transmitted to cybercriminals, who exploit it for various illicit purposes.

Infostealing malware infiltrates systems through phishing emails, malicious attachments, compromised websites, and other means. Once inside, it operates covertly, making detection challenging for users and security software alike. Advanced infostealers are particularly adept at adapting to their environment, importing tailored payloads to gather specific information. 

How exposed are most devices to infostealers? Here are three myths that may make you think twice about how safe you are:

Myth 1: Multi-Factor Authentication (MFA) ensures complete security

Multi-Factor Authentication (MFA), where users provide two or more verification factors to gain access to a system or account, enhances security by adding layers of authentication. It reduces the likelihood of unauthorized access even if one factor is compromised.

However, MFA is not foolproof. One significant threat is keyloggers – malicious programs that surreptitiously capture keystrokes, enabling attackers to obtain both the MFA codes and passwords entered by users. By intercepting these credentials, cybercriminals can bypass MFA and gain unauthorized access to sensitive accounts. 

Another common infostealing method is MFA bombing (also known as MFA fatigue attacks), where an attacker floods a victim’s phone with numerous authentication requests, overwhelming them with prompts. This tactic aims to disrupt the victim’s workflow, leading to frustration or distraction. Often, users will click on a link or supply credentials just to end the annoyance.

Just recently, Apple device users have been receiving incessant password reset prompts and vishing calls from a number attempting to spoof Apple’s legitimate customer support line, in a concerted attempt to either steal credentials directly or install infostealers on devices. It’s clear that while MFA significantly enhances security, it has its limitations. 

Myth 2: Using a VPN keeps all your data secure

A VPN is essentially an encrypted tunnel protecting your data as it travels online. VPNs encrypt your traffic with strong ciphers, so anyone eavesdropping on the network path sees only scrambled data. They also hide your real IP address, adding an extra layer of protection by making you a less traceable target. This is especially valuable when using unsecured public Wi-Fi networks, where your data is more vulnerable.

Yet while VPNs are excellent tools for online security, they aren’t a one-stop solution against all hacking attempts. For example, VPNs can’t stop malware or phishing. They can’t prevent malware from infecting your device or erase human error like clicking a malicious link in a phishing email.

By combining a VPN with other security measures and maintaining good online hygiene, you can significantly strengthen your defenses.

Myth 3: Only high-value targets are at risk

Everyone is at risk from infostealers. While infostealers can be used to target high-value accounts for financial gain or access to sensitive information, they are often cast as a wide net to collect any valuable data they can find. Here’s why everyone should be cautious:

  • Infostealers are an easy way in – Hackers can use infostealers to first compromise personal devices, the “low-hanging fruit”, and then use that foothold to gain access to other, more privileged accounts.
  • Low barrier to entry – Unlike complex cyberattacks, infostealers are readily available and relatively easy to use, making them accessible to a wider range of attackers.
  • Data is valuable – Even seemingly unimportant information like usernames, passwords, browsing history, or email addresses can be valuable on the black market. Criminals can use this data for identity theft, spam campaigns, or selling it to other attackers.
  • Automation makes it easy – Infostealers can be automated to scan large numbers of devices or exploit vulnerabilities in popular software. This means they can infect a large number of machines indiscriminately.
  • Everyone has something worth stealing – In the digital world, everyone has some form of data that could be attractive to attackers. This could include login credentials for online accounts (banking, social media, email), credit card information, personal documents (tax forms, passports), private messages or emails, and more.

How infostealers work

Infostealers operate by surreptitiously infiltrating devices to harvest sensitive information for malicious purposes. They typically begin by exploiting vulnerabilities in software or using social engineering tactics to gain access. 

Common infostealer infiltration methods include phishing emails containing malicious attachments or links, enticing users to unwittingly download and execute the malware. Infostealers can also masquerade as legitimate software downloads or updates, tricking users into installing them voluntarily.

Once installed, infostealers operate discreetly in the background, often evading detection by security software. Signs of infection include unusual system behavior such as sluggish performance, unexpected pop-up messages, or unauthorized access to sensitive data.

Infostealers employ a range of tactics to exfiltrate data, including keylogging to capture keystrokes, screen capturing to record user activity, and scraping browser data for saved passwords and login credentials. As discussed above, some advanced infostealers can even bypass multi-factor authentication using various methods, resulting in ATOs, BECs and worse.

How to protect devices from infostealers

To safeguard devices from infostealers, it is crucial to adopt robust cybersecurity practices: consistent cyber hygiene and educating employees on security best practices.

To mitigate the risk of infostealers, organizations can invest in advanced security tools like endpoint detection and response (EDR) solutions. Additionally, breach detection services such as Webz.io’s Lunar can reliably and rapidly detect infostealers once they’ve infected a device, enabling organizational security stakeholders to take action to mitigate and remediate, before the attack evolves into a widespread breach that could lead to greater damage and costs.

The bottom line

Company and personal devices remain vulnerable to sophisticated infostealer malware, which can bypass traditional security measures like MFA and VPNs. Infostealer attacks can be a serious “foot in the door” for threat actors with far bigger plans in mind.

Organizations can further strengthen their security posture with advanced tools like endpoint detection and response solutions and (especially) dark web monitoring services like those offered by Webz.io.

By understanding the constant threat posed by infostealers and implementing comprehensive security measures, organizations can significantly improve their chances of keeping data safe, avoiding ATO and BEC, and keeping the business operating at full productivity and profitability.

To find out how Webz.io Lunar can help mitigate the dangers of infostealers for your company’s devices, talk to one of our experts today.
