Login
Get started
Get started Login
Products
Solutions
KNOWLEDGE
HELP CENTER
COMPANY

Open web

DARK WEB

DATASETS

TECHNOLOGIES

Learn

Your hub for web data

BLOG

Large Language Models: What Your Data Must Include

Large Language Models like ChatGPT, and BERT need huge and quality datasets. Here's what their datasets should include.

Back to all Dark Web Pulses
Web Intelligence

Debunking the Myths: Why Your Devices Aren’t Safe from ATO and Other Threats Due to Infostealers

June 4, 2024    
Debunking the Myths: Why Your Devices Aren’t Safe from ATO and Other Threats Due to Infostealers

Today, organizations rely on devices for almost everything. This makes keeping them secure truly critical. Yet, malware like information stealers (infostealers) poses an all-too-common and constant threat of account takeover (ATO), business email compromise (BEC) and more. 

Earlier this month, for example, an employee device infected with infostealing malware resulted in a ransomware attack against Change Healthcare. The end result? Devasting business disruption and a ransom payment of $22 million.

There’s a surprising amount of misinformation about infostealers – how prevalent they are, how exposed organizational devices really are, and the clear and present dangers to reputation, revenues and even business continuity these threats pose. This guide will clear up these misconceptions, debunk some prevalent myths, and provide a clearer picture of the real dangers.

Table of Contents

What are infostealers?

Infostealers are a type of malware designed specifically to extract sensitive information from compromised systems. They steal personal, financial, and business data like passwords, credit card details, and other confidential information. Once harvested, this data is transmitted to cybercriminals, who exploit it for various illicit purposes.

Infostealing malware infiltrates systems through phishing emails, malicious attachments, compromised websites, and other means. Once inside, it operates covertly, making detection challenging for users and security software alike. Advanced infostealers are particularly adept at adapting to their environment, importing tailored payloads to gather specific information. 

How exposed are most devices to infostealers? Here are three myths that may make you think twice about how safe you are:

Myth 1: Multi-Factor Authentication (MFA) ensures complete security

Multi-Factor Authentication (MFA), where users provide two or more verification factors to gain access to a system or account, enhances security by adding layers of authentication. It reduces the likelihood of unauthorized access even if one factor is compromised.

However, MFA is not foolproof. One significant threat is keyloggers – malicious programs that surreptitiously capture keystrokes, enabling attackers to obtain both the MFA codes and passwords entered by users. By intercepting these credentials, cybercriminals can bypass MFA and gain unauthorized access to sensitive accounts. 

Another common infostealing method is MFA bombing (also known as MFA fatigue attacks), where an attacker floods a victim’s phone with numerous authentication requests, overwhelming them with prompts. This tactic aims to disrupt the victim’s workflow, leading to frustration or distraction. Often, users will click on a link or supply credentials just to end the annoyance.

Just recently, Apple device users have been receiving incessant password reset prompts and vishing calls from a number attempting to spoof Apple’s legitimate customer support line, in a concerted attempt to either steal credentials directly or install infostealers on devices. It’s clear that while MFA significantly enhances security, it has its limitations. 

Myth 2: Using a VPN keeps all your data secure

A VPN is essentially an encrypted tunnel protecting your data as it travels online. VPNs excel at scrambling your data with uncrackable codes, making it impossible for hackers to eavesdrop. They also hide your real IP address, adding an extra layer of protection by making you a less traceable target. This is especially valuable when using unsecured public Wi-Fi networks, where your data is more vulnerable.

Yet while VPNs are excellent tools for online security, they aren’t a one-stop solution against all hacking attempts. For example, VPNs can’t stop malware or phishing. They can’t prevent malware from infecting your device or erase human error like clicking a malicious link in a phishing email.

By combining a VPN with other security measures and maintaining good online hygiene, you can significantly strengthen your defenses.

Myth 3: Only high-value targets are at risk

Everyone is at risk from infostealers. While infostealers can be used to target high-value accounts for financial gain or access to sensitive information, they are often cast in a wide net to collect any valuable data they can find. Here’s why everyone should be cautious:

  • Infostealers are an easy way in – Using infostealers on personal devices, hackers can first breach this “low hanging fruit”, then use this to gain access to other, more privileged accounts. 
  • Low barrier to entry – Unlike complex cyberattacks, infostealers are readily available and relatively easy to use, making them accessible to a wider range of attackers. 
  • Data is valuable – Even seemingly unimportant information like usernames, passwords, browsing history, or email addresses can be valuable on the black market. Criminals can use this data for identity theft, spam campaigns, or selling it to other attackers.
  • Automation makes it easy – Infostealers can be automated to scan large numbers of devices or exploit vulnerabilities in popular software. This means they can infect a large number of machines indiscriminately.
  • Everyone has something worth stealing – In the digital world, everyone has some form of data that could be attractive to attackers. This could include login credentials for online accounts (banking, social media, email), credit card information, personal documents (tax forms, passports), private messages or emails, and more.

How infostealers work

Infostealers operate by surreptitiously infiltrating devices to harvest sensitive information for malicious purposes. They typically begin by exploiting vulnerabilities in software or using social engineering tactics to gain access. 

Common infostealer infiltration methods include phishing emails containing malicious attachments or links, enticing users to unwittingly download and execute the malware. Infostealers can also masquerade as legitimate software downloads or updates, tricking users into installing them voluntarily.

Once installed, infostealers operate discreetly in the background, often evading detection by security software. Signs of infection include unusual system behavior such as sluggish performance, unexpected pop-up messages, or unauthorized access to sensitive data.

Infostealers employ a range of tactics to exfiltrate data, including keylogging to capture keystrokes, screen capturing to record user activity, and scraping browser data for saved passwords and login credentials. As discussed above, some advanced infostealers can even bypass multi-factor authentication using various methods, resulting in ATOs, BECs and worse..

How to protect devices from infostealers 

To safeguard devices from infostealers, it is crucial to adopt robust cybersecurity practices. This includes robust cyber hygiene practices and educating employees on cybersecurity best practices.

To mitigate the risk of infostealers, organizations can invest in advanced security tools like endpoint detection and response (EDR) solutions. Additionally, breach detection services such as Webz.io’s Lunar can reliably and rapidly detect infostealers once they’ve infected a device, enabling organizational security stakeholders to take action to mitigate and remediate, before the attack evolves into a widespread breach that could lead to greater damage and costs.

The bottom line

Company and personal devices remain vulnerable to sophisticated infostealer malware, which can bypass traditional security measures like MFA and VPNs. Infostealer attacks can be a serious “foot in the door” for threat actors with far bigger plans in mind.

Organizations can further strengthen their security posture with advanced tools like endpoint detection and response solutions and (especially) dark web monitoring services like those offered by Webz.io.

By understanding the constant threat posed by infostealers and implementing comprehensive security measures, organizations can significantly improve the chances of keeping data safe, avoid ATO and BEC, and keep and businesses operating at full productivity and profitability.

To find out how Webz.io Lunar can help mitigate the dangers of infostealers for your company’s devices, talk to one of our experts today.

Spread the News
Previous Post
Next Post

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Read More

Could Panasonic’s Breach Have Been Prevented?
January 24, 2022    

Could Panasonic’s Breach Have Been Prevented?

On November 26, 2021, Panasonic joined a long list of companies that suffered a data breach over the past year. See the posts we found in the dark web that could indicate that an attack was in the making.
Top 5 Ransomware Group Trends in 2021
January 24, 2022    

Top 5 Ransomware Group Trends in 2021

Ransomware gangs ramped up their cyber attacks in 2021. Here are 5 trends related to these groups that you need to know.
The Rise in Use of Alternative Social Media Platforms for Illicit Activities
January 24, 2022    

The Rise in Use of Alternative Social Media Platforms for Illicit Activities

The year of 2021 has seen the rise of alternative social media platforms. Discover the top illicit discussion topics we monitored on these sites.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Don't be the last one to know!

Chances are your compromised data is already traded on the dark web.
Ready to discover them and protect your business?

Let's go
Has Your Data Been Breached?

Find breaches, stolen credentials and malware risks on the deep and dark web.

Start Free Scan
Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
get started
Create your API account and get instant access to millions of web sources
SEE DEMO