CyberSecurity SEE

3 Strategies to Protect Against Resurging Infostealers

The distribution of infostealer malware has seen a significant increase in the past year, according to a new study by the Uptycs research team. Infostealers are a type of malware that quietly collects sensitive information such as website credentials, passwords, and financial data from compromised user accounts. While infostealers have been around since the emergence of the Zeus online banking Trojan in 2006, the recent surge in their distribution is causing concern among security analysts.

The Uptycs study, titled “Stealers Are Organization Killers,” reveals that incidents involving infostealer malware more than doubled in the first quarter of 2023 compared to the same period last year. This alarming growth in the volume of infostealers is not the only cause for concern. Criminal organizations are also finding new ways to customize, market, and deploy infostealer malware on a larger scale than ever before.

Infostealers, which were originally simple, single-purpose malware, have evolved into sophisticated tool sets with advanced evasion techniques and modular architecture. Some operators even use generative artificial intelligence (AI) to mimic human-like behaviors. This transformation has been driven by criminal groups’ desire to infiltrate more systems and the emergence of new web platforms that facilitate the creation and deployment of infostealer malware.

In the past, building and deploying an infostealer required basic coding and IT operations skills. However, with the rise of malware-as-a-service offerings on Dark Web forums, anyone with a laptop and as little as $50 in their bank account can initiate their own malicious campaigns. Encrypted communication platforms like Telegram and Discord have become popular marketplaces for operators and buyers of infostealer malware. These platforms also facilitate the buying and selling of stolen data, with a growing number of transactions taking place directly within the platforms.

To mitigate the growing threat of infostealers, chief information security officers (CISOs) should consider adopting three strategies. Firstly, prioritizing real-time detection is crucial. Vulnerability assessments are important for identifying weaknesses that attackers might exploit, but they are reactive measures that do little to prevent infostealer operators from leveraging user credentials to bypass authentication systems. By implementing a comprehensive extended detection and response (XDR) approach, CISOs can streamline data collection to gain a unified view across networks and endpoints, enabling proactive and rapid threat detection and response.

Secondly, enforcing strict access controls is essential. Infostealers typically target sensitive data, including personally identifiable information, financial information, login credentials, and proprietary business data. To protect this data, security leaders should establish governance over the entire infrastructure and implement stronger safeguards where vulnerabilities exist. Encrypting sensitive data at rest and in transit can make it unreadable to unauthorized users.

Lastly, understanding the context of potential vulnerabilities is crucial in combating infostealer attacks. By analyzing the broader context of an attack, such as the data most likely to be targeted or the vulnerabilities most actively being exploited, security teams can prioritize which weaknesses to address first and mount an effective response. This contextual understanding is also valuable for proactive threat hunting, which can help identify and address vulnerabilities before they are exploited.

The battle against infostealers is a constant cycle of adaptation and counter-adaptation between threat actors and security teams. Staying ahead of malware operators requires a comprehensive strategy that combines advanced technology, constant vigilance, proactive threat hunting, and ongoing education. By adopting these strategies, CISOs can better protect their organizations from the growing threat posed by infostealer malware.
