There is one common denominator in the world of Cybersecurity today: new threat variants are mostly just rehashes of older attack vectors. The Cyberattacker of today doesn’t want to spend time creating something from scratch; if they can get their hands on existing tooling and refine it a little bit more, that is the best option for them.
In other words, it is just a matter of building a better mousetrap. And these days, there are plenty of “as a Service” attack toolkits available for purchase, for literally pennies on the dollar. Some examples of this are Ransomware as a Service, Phishing as a Service, you name it.
But there is one threat variant which lurks out there, and this is what is known as an “Infostealer”.
You might be wondering what it is, so here is the technical definition of it:
“An information stealer (or info stealer) is a Trojan that is designed to gather information from a system. The most common form of info stealer gathers login information, like usernames and passwords, which it sends to another system either via email or over a network. Other common information stealers, such as keyloggers, are designed to log user keystrokes which may reveal sensitive information.”
So as you can see from the definition, this kind of malicious payload uses old-fashioned means to deploy itself – primarily through Trojan Horses and Keyloggers. In fact, Infostealers have been around since 2006, and are basically scrapers that go after your confidential information, primarily your passwords and other sorts of financial information.
It does this all covertly, without you even knowing about it. Probably the most famous of these is known as the “Zeus Trojan”, and more information about this can be seen at the link below:
But according to a new report entitled “Stealers Are Organization Killers”, there is now an upward trend in the number of Infostealer hacks that are happening today. They now attack all systems, including Windows, MacOS, and all of the different flavors of Linux. This can be seen in the illustration below:
You can view the report in more detail at this link:
https://www.uptycs.com/blog/infostealer-rise-in-danger
But what is also fueling the growth in Infostealers is Generative AI, largely thanks to ChatGPT.
So given this trend, what can a business do to help mitigate the risks of an Infostealer infiltration? Here are three quick strategies that you can deploy:
1) Be proactive:
By this, I mean you need to keep a constant vigil on the threat environment, on a real-time basis. Of course, all of this can be automated by using a SIEM. But you want to go beyond this. For instance, you can always start with a Vulnerability Scan, but the best way to track down these malicious payloads is to Penetration Test at least once a quarter. True, they can be expensive (at least $30,000 per test), but many Cyber vendors now offer packages in which you can get a license to conduct an unlimited number of Penetration Tests for a flat, annual fee.
2) Implement good Access Control Policies:
Of course, you have no control over what your employees do with their own, personal devices. But you do have it with company-issued devices, and all of your Cloud-based deployments. Make sure that you review your security policies in this regard on a regular basis, and keep updating them. But even more importantly, implement Privileged Access Management technology (also known as “PAM”) to further protect superuser accounts.
3) Try to keep up:
You will always, as far as possible, want to stay ahead of the proverbial cat and mouse game. One of the best ways is to keep analyzing the information and data that your network security devices are giving you, and try to keep modeling the future Cyber Threat Landscape as it fits for your business. Of course, no human can do this kind of herculean task on their own, so this is where both AI and ML will become very useful to you.
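As an added illustration of what “analyzing the data your security devices give you” can look like in practice, here is a small correlation rule that turns the definition quoted above (read stored credentials, then send them out by email or over the network) into detection logic. This is example code written for this post, not something from the Uptycs report or any vendor product; the newline-delimited JSON telemetry format, the field names, the list of credential stores with their expected reader processes, the destination allowlist and the sample events are all constructed assumptions.

```python
"""Toy correlation rule for infostealer-like behaviour on endpoint telemetry.

An infostealer reads stored credentials and then ships them out, by email or
over the network.  This rule flags a process that (1) reads a known credential
store although it is not the program expected to own that store and (2) opens
an outbound connection to an unapproved destination within a short window.
The telemetry format and the sample events are constructed for this example.
"""
import json
import re
from datetime import datetime, timedelta

# Credential stores and the processes expected to read them (illustrative list,
# not exhaustive; tune it to the browsers and tooling your fleet actually runs).
CREDENTIAL_STORES = [
    (re.compile(r"/Login Data$"), {"chrome.exe", "chrome", "msedge.exe"}),
    (re.compile(r"/logins\.json$"), {"firefox.exe", "firefox"}),
    (re.compile(r"/login\.keychain-db$"), {"securityd"}),
    (re.compile(r"/\.ssh/id_[a-z0-9]+$"), {"ssh", "ssh-agent"}),
]
ALLOWED_DESTINATIONS = {"updates.example.internal"}   # hypothetical allowlist
CORRELATION_WINDOW = timedelta(seconds=120)

# Constructed sample telemetry: a browser legitimately reading its own password
# store, a dropped "invoice viewer" reading two stores and connecting to an
# SMTP port, and a slow macOS case that falls outside the correlation window.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:01", "host": "ws-17", "pid": 4120, "proc": "chrome.exe", "event": "file_read", "path": "C:/Users/jo/AppData/Local/Google/Chrome/User Data/Default/Login Data"}
{"ts": "2024-05-01T10:00:02", "host": "ws-17", "pid": 4120, "proc": "chrome.exe", "event": "net_connect", "dst": "accounts.google.com", "port": 443}
{"ts": "2024-05-01T10:05:00", "host": "ws-17", "pid": 7781, "proc": "invoice_viewer.exe", "event": "file_read", "path": "C:/Users/jo/AppData/Local/Google/Chrome/User Data/Default/Login Data"}
{"ts": "2024-05-01T10:05:03", "host": "ws-17", "pid": 7781, "proc": "invoice_viewer.exe", "event": "file_read", "path": "C:/Users/jo/AppData/Roaming/Mozilla/Firefox/Profiles/abc.default/logins.json"}
{"ts": "2024-05-01T10:05:09", "host": "ws-17", "pid": 7781, "proc": "invoice_viewer.exe", "event": "net_connect", "dst": "203.0.113.45", "port": 587}
{"ts": "2024-05-01T10:06:00", "host": "mac-03", "pid": 512, "proc": "helper", "event": "file_read", "path": "/Users/ana/Library/Keychains/login.keychain-db"}
{"ts": "2024-05-01T10:20:00", "host": "mac-03", "pid": 512, "proc": "helper", "event": "net_connect", "dst": "203.0.113.45", "port": 443}
"""


def unexpected_credential_read(proc, path):
    """True if `path` is a credential store and `proc` is not its usual owner."""
    for pattern, owners in CREDENTIAL_STORES:
        if pattern.search(path):
            return proc not in owners
    return False


def detect(log_text):
    """Run the rule over newline-delimited JSON events; return a list of alerts."""
    pending = {}   # (host, pid) -> list of (timestamp, path) suspicious reads
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["pid"])
        if ev["event"] == "file_read":
            if unexpected_credential_read(ev["proc"], ev["path"]):
                pending.setdefault(key, []).append((ts, ev["path"]))
        elif ev["event"] == "net_connect" and ev["dst"] not in ALLOWED_DESTINATIONS:
            for read_ts, path in pending.get(key, []):
                if timedelta(0) <= ts - read_ts <= CORRELATION_WINDOW:
                    alerts.append({
                        "host": ev["host"], "pid": ev["pid"], "proc": ev["proc"],
                        "credential_store": path, "dst": ev["dst"], "port": ev["port"],
                        "seconds_between": int((ts - read_ts).total_seconds()),
                    })
                    break   # one alert per outbound connection is enough
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the sample, only the invoice_viewer.exe process is flagged: the browser reading its own store is expected, and the macOS helper is missed because its connection comes 14 minutes after the keychain read, well outside the two-minute window. That second case is the rule's deliberate blind spot and the reason this kind of logic belongs in a SIEM where the window, the store list and the allowlist can be tuned against your own baseline rather than hard-coded.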
My Thoughts On This:
I think that this is the first time I have written anything on this topic, but I learned quite a bit from it. Oh yea, along with the above-mentioned tips, don’t forget the good ole fashioned one: Always keep training your employees, especially about how to recognize a Phishing email, Trojan Horses, and Key Loggers. Also, try to run antivirus and antimalware scans on all company-issued equipment on a daily basis.