Infostealers are rapidly becoming one of the most dangerous tools in a hacker’s arsenal, particularly in environments where email remains a primary communication channel for enterprises. At their core, infostealers are a type of trojan designed by malware authors to harvest sensitive data such as login credentials, financial information, system details, and personally identifiable information.
These malicious files are engineered to extract as much information as possible, operating quickly and stealthily. Once collected, the stolen data is sent to command-and-control servers, where it can be exploited for various malicious purposes.
X-Labs Security Researcher at Forcepoint.
Infostealers in the wild
Some research suggests infostealers hit up to 10,000 victims per day; however Forcepoint research teams have observed increased activity from various infostealers recently, targeting victims in a number of ways.
The first is VIPKeyLogger, which circulates through phishing campaigns as an attachment that takes the form of an archive or Microsoft Office files. This exfiltrates data using Instant Messaging telegrams services or dynamic DNS services. Opening the attachment leads to a sequence of events that ultimately ends up in a series of data exfiltration such as recording keystrokes, collecting information like clipboard data, screenshots, browser history, and more.
Strela Stealer is also circulated via phishing campaigns containing attachments which further contains obfuscated script, and on execution of script, it performs malicious activity and harvests sensitive information including usernames, passwords, and other email configuration details, sending it over Command & Control servers.
Lastly, Rhadamanthys stealer was circulated in the holiday season and masquerades as travel industry emails with malicious document attachments. Clicking the documents triggers a chain of downloads and obfuscated scripts to steal user credentials and cryptocurrency wallet data. This campaign resembles the earlier Agent Tesla attacks, but uses novel obfuscation techniques.
Needless to say, infostealers are prevalent and appear in a number of different formats, making them harder than ever to defend against, which begs the question – how can you protect against increasingly sophisticated infostealers?
Protection against infostealers
If it wasn’t already clear, the rise of infostealers emphasizes the need for a sophisticated and holistic approach towards defending your organisation. To work most effectively, that approach must combine essential security measures, such as multi-factor authentication, with a proactive mindset. Cybercriminals are continuously evolving their tactics, so organizations must too in order to stay ahead.
Businesses need to make common practice out of minimizing vulnerabilities by encrypting data at rest and in motion to ensure only authorized individuals have access to sensitive data. Data loss prevention (DLP) solutions for email can help enterprises get control over inbound and outbound threats by supporting virus and malware blocking, spam filtering, content filtering and email archiving. And, of course, by regularly updating and hosting security audits, organizations can better understand if their security measures are effective and where they are lacking.
However, arguably one of the most important parts of an organization’s defense is its people. Employees must be aware of their role in organizational security. This includes the basics such as maintaining strong passwords and leveraging technologies like MFA, but should also include their ability to be constantly cyberaware. This means organisations have a role to play in ensuring employees know how to identify and act when faced with an attack, otherwise they have the potential to unknowingly bring the whole kingdom down from the inside. Human error can be the weakest link in the security chain, so it is important staff are educated.
Infostealers represent a growing and insidious threat in today’s digital era, preying on unprotected organizations and unknowing individuals. By combining strong technical defenses with a culture of security awareness, businesses can significantly reduce the risk of becoming a victim to these cyberattacks. When all is said and done, proactive prevention and informed employees are the ultimate line of defense.
We’ve compiled a list of the best business password managers.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro