SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses
SpyCloud, the leader in operationalizing Cybercrime Analytics (C2A), today released its 2023 SpyCloud Identity Exposure Report, an annual report examining trends related to how exposed data puts organizations and consumers at risk of cybercrime. In 2022, SpyCloud researchers recaptured 721.5 million exposed credentials from the criminal underground, and nearly 22 billion device and session cookie records that enable session hijacking through MFA bypass.
While massive public data breaches rightfully raise alarms, the spike in malware designed to exfiltrate data directly from devices and browsers is a key contributor to continued user exposure. The 2023 report identified over 22 million unique devices infected by malware last year. Of the 721.5 million exposed credentials recovered by SpyCloud, roughly 50% came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information to use in targeted attacks or sell on the darknet.
"The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals," said Trevor Hilligoss, Director of Security Research at SpyCloud. "Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an 'anything-as-a-service' model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry."
Cybercriminals have doubled down and exploited the economic downturn, growing hybrid workforce, ghost accounts from terminated employees, and increased outsourcing, which elevates third-party exposure. When employees access corporate networks using unmanaged or undermanaged devices infected with malware, threat actors have an easy way into critical business applications, including single sign-on platforms and virtual private networks.
SpyCloud researchers recaptured millions of credentials harvested from popular third-party business applications exposed to malware in 2022. The data exfiltrated from these apps - including code repositories, customer databases, messaging platforms, and HR systems - gives bad actors the information needed to deploy damaging follow-on attacks like ransomware. If these credentials are not properly remediated and remain active, they will continue to pse an ongoing threat for organizations, even after the device has been cleared of the malware.
"Organizations are overlooking the mounting threat of sophisticated malware-based attacks and the protracted business impact of infected devices. Leaders need a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of these exposures," said Hilligoss. "Collectively, we need to start thinking about protecting digital identities using a Post-Infection Remediation approach, rather than solely focusing on cleaning individual infected devices. Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware and other forms of cybercrime."
With a comprehensive Post-Infection Remediation approach, security teams can augment their traditional cyber incident response playbooks with additional steps to fully negate opportunities for ransomware and other cyberattacks by resetting the application credentials and invalidating session cookies siphoned by infostealer malware.
Additional key findings from the 2023 report include:
To download the full report and discover how SpyCloud helps organizations disrupt cybercrime and defend against malware, ransomware and online fraud, visit: https://spycloud.com/resource/2023-annual-identity-exposure-report/.
SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to nearly 200 cybersecurity experts whose mission is to make the internet a safer place.
To learn more and see insights on your company's exposed data, visit https://spycloud.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230314005401/en/