Friday, September 8, 2023

The Rise Of The Infostealer - What You Need To Know


There is one common denominator in the world of cybersecurity today: new threat variants are, for the most part, rehashes of older attack vectors.  The cyberattacker of today does not want to spend time building something from scratch; if an existing tool can be obtained and refined a little, that is the preferred option.

In other words, it is a matter of building a better mousetrap.  And these days there are plenty of “as a Service” attack toolkits available for purchase for pennies on the dollar: Ransomware as a Service, Phishing as a Service, you name it.

But there is one threat variant lurking out there that deserves a closer look, and that is what is known as an “Infostealer”.  You might be wondering what it is, so here is a technical definition:

“An information stealer (or info stealer) is a Trojan that is designed to gather information from a system. The most common form of info stealer gathers login information, like usernames and passwords, which it sends to another system either via email or over a network.

Other common information stealers, such as keyloggers, are designed to log user keystrokes which may reveal sensitive information.”

(SOURCE:  https://www.trendmicro.com/vinfo/us/security/definition/Info-stealer#:~:text=An%20information%20stealer%20(or%20info,email%20or%20over%20a%20network.)

So as you can see from the definition, this kind of malicious payload relies on old-fashioned delivery and collection mechanisms, primarily Trojan Horses and keyloggers.  Infostealers have been around since 2006 and are essentially scrapers that go after your confidential information: primarily saved passwords and other financial data, and increasingly the browser cookies and session tokens that let an attacker walk straight into an account without ever typing the password.

It does all of this covertly, without the victim knowing about it.  Probably the most famous example is the “Zeus Trojan”, a banking Trojan; more information about it can be found at the link below:

https://www.darkreading.com/attacks-breaches/us-sets-5-million-bounty-for-russian-hacker-behind-zeus-banking-thefts

But according to a new report entitled "Stealers Are Organization Killers”, there is now an upward trend in the number of infostealer attacks happening today.  They now target all major platforms, including Windows, macOS, and the various flavors of Linux.  This can be seen in the illustration below:



(SOURCE:  https://www.darkreading.com/vulnerabilities-threats/3-strategies-to-defend-against-resurging-infostealers)

You can view the report in more detail at this link:

https://www.uptycs.com/blog/infostealer-rise-in-danger

Generative AI, ChatGPT in particular, is also being cited as fueling the growth of infostealers, by lowering the effort needed to write and adapt such malware.  So given this trend, what can a business do to help mitigate the risk of an infostealer infiltration?  Here are three quick strategies that you can deploy:

1)     Be proactive:

By this, I mean you need to keep a constant, real-time vigil on the threat environment.  Much of this can be automated with a SIEM, but you want to go beyond that.  A vulnerability scan is a good place to start, and a penetration test at least once a quarter will find the weak credential and access paths that a stolen password or session token would then be used against.  Note that a penetration test will not find an infostealer already running on a host; that is the job of endpoint protection (EDR) and of the log analysis fed into the SIEM, which should flag a non-browser process reading browser credential stores and then connecting out to an unfamiliar destination.  Penetration tests can be expensive (at least $30,000 per test is a commonly quoted figure), but many cyber vendors now offer packages in which you can conduct an unlimited number of penetration tests for a flat annual fee.

2)     Implement good Access Control Policies:

Of course, you have no control over what your employees do with their own personal devices.  But you do have control over company-issued devices and all of your cloud-based deployments.  Make sure that you review your security policies in this regard on a regular basis, and keep updating them.  Even more importantly, implement Privileged Access Management (“PAM”) technology to further protect superuser accounts, and enforce Multi-Factor Authentication so that a password harvested by an infostealer is not enough on its own to log in.  Because stealers also harvest browser session cookies, keep session lifetimes short and revoke active sessions whenever a device is suspected of compromise.

3)     Try to keep up:

You will always want, as far as possible, to stay ahead in the proverbial cat-and-mouse game.  One of the best ways is to keep analyzing the information and data that your network security devices give you, and to keep modeling the future cyber threat landscape as it applies to your business.  Of course, no human can do this herculean task alone, so this is where both AI and ML will become very useful to you.
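To make strategies 1 and 3 concrete, here is an added example (written for this post, not code from the original page or from the Uptycs report) of the kind of correlation logic a SIEM or EDR would run to spot the collect-then-exfiltrate pattern that defines an infostealer: a process that is not a browser reads browser credential or cookie stores and then opens an outbound connection shortly afterward.  The telemetry records are constructed for the example; the field names (ts, host, pid, image, type, path, dst_ip, dst_port), the list of credential-store file names and the five-minute window are assumptions, not any vendor's schema or a recommended threshold.

```python
"""Detecting infostealer-style behaviour in endpoint telemetry.

Added example for this post, not code from the original page or the report
it cites. Events are constructed, Sysmon-like records; the field names, the
file lists and the time window are assumptions chosen for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Files an infostealer typically harvests: browser credential and cookie
# stores plus a crypto wallet. Matched as path suffixes (assumed list).
CREDENTIAL_STORES = (
    "Login Data",   # Chromium saved passwords (SQLite)
    "Cookies",      # Chromium cookies, i.e. session tokens
    "logins.json",  # Firefox saved logins
    "key4.db",      # Firefox key store
    "wallet.dat",   # Bitcoin Core wallet
)

# Processes that legitimately read those files (their own profile data).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# A store read followed by an outbound connection inside this window is
# treated as collect-then-exfiltrate. Assumed value for the example.
WINDOW = timedelta(minutes=5)


def ev(ts, host, pid, image, kind, **extra):
    """Build one telemetry record (constructed data, not a real capture)."""
    return {"ts": ts, "host": host, "pid": pid, "image": image, "type": kind, **extra}


CHROME_PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
FIREFOX_PROFILE = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x.default"
CHROME_EXE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\invoice_0823.pdf.exe"  # hypothetical
BACKUP_EXE = r"C:\Program Files\Backup\backup.exe"                    # hypothetical

EVENTS = [  # constructed sample telemetry
    # Benign: Chrome reads its own password store, then talks to the web.
    ev("2023-09-08T09:15:02", "WS-ALICE", 4120, CHROME_EXE, "file_read",
       path=CHROME_PROFILE + r"\Login Data"),
    ev("2023-09-08T09:15:03", "WS-ALICE", 4120, CHROME_EXE, "net_conn",
       dst_ip="198.51.100.7", dst_port=443),
    # Suspicious: an executable dropped from a phishing attachment reads
    # three stores from two browsers, then connects out within seconds.
    ev("2023-09-08T09:22:05", "WS-ALICE", 7788, DROPPER, "process_create",
       parent_image="WINWORD.EXE"),
    ev("2023-09-08T09:22:10", "WS-ALICE", 7788, DROPPER, "file_read",
       path=CHROME_PROFILE + r"\Login Data"),
    ev("2023-09-08T09:22:11", "WS-ALICE", 7788, DROPPER, "file_read",
       path=CHROME_PROFILE + r"\Cookies"),
    ev("2023-09-08T09:22:12", "WS-ALICE", 7788, DROPPER, "file_read",
       path=FIREFOX_PROFILE + r"\logins.json"),
    ev("2023-09-08T09:22:31", "WS-ALICE", 7788, DROPPER, "net_conn",
       dst_ip="203.0.113.45", dst_port=443),
    # Hunting lead only: Explorer touched the cookie file, no network follow-up.
    ev("2023-09-08T09:40:00", "WS-ALICE", 9001, r"C:\Windows\explorer.exe",
       "file_read", path=CHROME_PROFILE + r"\Cookies"),
    # Backup agent reads a wallet file; its connection comes 40 minutes later,
    # outside the window, so the two are not paired.
    ev("2023-09-08T10:00:00", "WS-BOB", 5555, BACKUP_EXE, "file_read",
       path=r"C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat"),
    ev("2023-09-08T10:40:00", "WS-BOB", 5555, BACKUP_EXE, "net_conn",
       dst_ip="192.0.2.10", dst_port=443),
]


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def detect_infostealer(events, window=WINDOW):
    """One alert per process that is not a browser, reads at least one
    credential store, and connects outbound within `window` of the first read."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["host"], e["pid"])].append(e)

    alerts = []
    for (host, pid), evs in by_proc.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["ts"]))
        image = _basename(evs[0]["image"]).lower()
        if image in BROWSERS:
            continue  # expected reader of its own stores
        reads = [e for e in evs
                 if e["type"] == "file_read" and e["path"].endswith(CREDENTIAL_STORES)]
        if not reads:
            continue
        first_read = datetime.fromisoformat(reads[0]["ts"])
        exfil = [e for e in evs if e["type"] == "net_conn"
                 and first_read <= datetime.fromisoformat(e["ts"]) <= first_read + window]
        if not exfil:
            continue
        alerts.append({
            "host": host, "pid": pid, "image": image,
            "stores": sorted({_basename(e["path"]) for e in reads}),
            "dest": f'{exfil[0]["dst_ip"]}:{exfil[0]["dst_port"]}',
        })
    return alerts


if __name__ == "__main__":
    for a in detect_infostealer(EVENTS):
        print(f'{a["host"]} pid={a["pid"]} {a["image"]} read {a["stores"]} '
              f'then connected to {a["dest"]}')
```

Run as a script, the block reports only the dropped executable (pid 7788), which read three stores and then connected to 203.0.113.45 within the window; Chrome is allow-listed, Explorer never connected out, and the backup agent's connection falls outside the window.  In production this is a correlation rule over EDR process, file-access and network events rather than an in-memory script, and the browser allow-list is its main blind spot: a stealer injected into a real browser process would pass it, so pair the rule with parent-process and code-signing checks on the browser image.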

My Thoughts On This:

I think that this is the first time I have written anything on this topic, but I learned quite a bit from it.  Oh yeah, along with the above-mentioned tips, don’t forget the good old-fashioned one:  Always keep training your employees, especially on how to recognize a Phishing email, Trojan Horses, and Key Loggers.  Also, try to run antivirus and antimalware scans on all company-issued equipment on a daily basis.
