<p>Infostealers do exactly as their name implies: The malware quietly harvests sensitive information, such as passwords, session cookies and financial data, from user endpoints and exfiltrates it to infrastructure the attacker controls.</p>
<p>Infostealers have become far more prevalent in recent years, underpinning <a href="https://www.techtarget.com/whatis/definition/dark-web">dark web markets</a> where attackers actively buy, sell and trade the data they steal. Unlike ransomware, where attackers deliberately draw attention in hopes of extracting a ransom payment, infostealers do their thievery in silence.</p>
<p>Let’s examine how infostealers work to provide CISOs, security leaders and practitioners with infostealer prevention and detection recommendations.</p>
<section class="section main-article-chapter" data-menu-title="How infostealers work">
<h2 class="section-title"><i class="icon" data-icon="1"></i>How infostealers work</h2>
<p>Infostealers typically employ a <a href="https://www.techtarget.com/searchsecurity/definition/botnet">botnet</a> architecture. Under a malware-as-a-service model, attackers rent or subscribe to an infostealer, configure it as desired (what to collect and where to send it) and then launch campaigns against endpoint targets. Delivery methods vary widely, ranging from phishing emails and malicious links to <a href="https://www.techtarget.com/searchsecurity/tip/How-to-avoid-and-prevent-social-engineering-attacks">social engineering</a> and silent drive-by downloads.</p>
<p>Successful attacks infect user endpoints, which then become bots themselves, giving the operator command-and-control over them. Some infostealers do more than steal data; for example, they may install additional malware.</p>
<p>Attackers primarily seek user credentials, including usernames, passwords and cryptographic keys. They might also look for cryptocurrency wallets, bank account information and other financial data. Other common targets include:</p>
<ul class="default-list">
<li>Documents, spreadsheets and other files containing sensitive information.</li>
<li>Web browser history, cookies and autofill values, such as saved passwords and credit card numbers. Stolen session cookies are especially valuable: replaying one can get an attacker into an account without the password or an MFA prompt.</li>
<li>Technical information about the endpoint itself, its OS and its applications that can help attackers plan future attacks.</li>
</ul>
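<p>The target list above doubles as a detection opportunity: the browser password, cookie and autofill databases live at well-known paths, and only the browser itself has a reason to open them. The following Python is an added example, not code from the original article. It runs a simple rule over constructed endpoint file-access events (shaped like an EDR or Sysmon file-read record; not real captures) and flags any non-browser process that reads those stores, raising the severity when one process sweeps several stores in quick succession, which is the typical stealer pattern. The store paths are the standard Chromium and Firefox profile locations; the event fields and process names are assumptions for the example.</p>

```python
"""Flag non-browser processes that read browser credential stores.

Added example, not code from the original article. The events below are
constructed to resemble endpoint file-access telemetry (e.g. an EDR or
Sysmon file-read record) and are not real captures.
"""
import fnmatch
import json
from collections import defaultdict

# Files infostealers harvest: saved passwords, cookies and autofill data.
# Matched case-insensitively after normalising backslashes to slashes.
CREDENTIAL_STORE_PATTERNS = {
    "chromium_logins":   "*/user data/*/login data*",
    "chromium_cookies":  "*/user data/*/cookies*",
    "chromium_autofill": "*/user data/*/web data*",
    "firefox_logins":    "*/profiles/*/logins.json",
    "firefox_keydb":     "*/profiles/*/key4.db",
}

# Browsers legitimately read their own stores; everything else is suspect.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Constructed sample telemetry: one benign browser read, one process that
# sweeps three stores within seconds (the stealer pattern), one unrelated
# file read and one shell touching Edge's autofill database.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:12:01Z", "host": "WS-042", "pid": 4120, "image": "chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2024-05-01T09:15:44Z", "host": "WS-042", "pid": 7788, "image": "invoice_viewer.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2024-05-01T09:15:45Z", "host": "WS-042", "pid": 7788, "image": "invoice_viewer.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"ts": "2024-05-01T09:15:46Z", "host": "WS-042", "pid": 7788, "image": "invoice_viewer.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9.default-release\logins.json"},
    {"ts": "2024-05-01T09:20:10Z", "host": "WS-042", "pid": 5010, "image": "backup_agent.exe",
     "path": r"C:\Users\alice\Documents\budget.xlsx"},
    {"ts": "2024-05-01T10:02:33Z", "host": "WS-077", "pid": 3300, "image": "cmd.exe",
     "path": r"C:\Users\bob\AppData\Local\Microsoft\Edge\User Data\Default\Web Data"},
]


def classify_path(path):
    """Return the credential-store type a file path belongs to, or None."""
    p = path.lower().replace("\\", "/")
    for store, pattern in CREDENTIAL_STORE_PATTERNS.items():
        if fnmatch.fnmatchcase(p, pattern):
            return store
    return None


def detect_credential_harvesting(events):
    """One finding per (host, pid, image) that read a credential store
    while not being a browser. Severity is 'high' when the same process
    touched two or more distinct store types (bulk harvesting)."""
    touched = defaultdict(set)
    first_seen = {}
    for ev in events:
        store = classify_path(ev["path"])
        if store is None or ev["image"].lower() in BROWSER_PROCESSES:
            continue
        key = (ev["host"], ev["pid"], ev["image"])
        touched[key].add(store)
        first_seen.setdefault(key, ev["ts"])
    findings = []
    for (host, pid, image), stores in touched.items():
        findings.append({
            "host": host, "pid": pid, "image": image,
            "first_seen": first_seen[(host, pid, image)],
            "stores": sorted(stores),
            "severity": "high" if len(stores) >= 2 else "medium",
        })
    # High-severity findings first, then oldest first.
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["first_seen"]))


if __name__ == "__main__":
    print(json.dumps(detect_credential_harvesting(SAMPLE_EVENTS), indent=2))
```

<p>Two caveats a detection engineer would add. Chromium keeps these SQLite files locked while the browser runs, so stealers usually copy the file first; the copy still reads the original, which is what this rule keys on. The browser allowlist is the rule's weak point: a stealer injected into the browser process reads the stores as the browser, so pair this with telemetry for process injection and for unexpected outbound connections from newly seen executables.</p>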
</section>
<section class="section main-article-chapter" data-menu-title="How to respond to an attack">
<h2 class="section-title"><i class="icon" data-icon="1"></i>How to respond to an attack</h2>
<p>Infostealers aren’t new. Malware has been <a target="_blank" href="https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents" rel="noopener">stealing data for decades</a>, and the methods infostealers use to infect endpoints, such as phishing and drive-by downloads, aren’t new either. What is new is how easy it has become for anyone, regardless of skill, to use infostealers at scale. As a result, organizations are likely to face an increasing number of infostealer attacks.</p>
<p>Enterprise <a href="https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan">incident response plans and procedures</a> should already address the gamut of infostealer attacks. However, given their frequency and impact, such as enabling access to admin accounts and the decryption and theft of sensitive information, it is worth reviewing incident response programs with infostealers in mind. For example, investigate how the organization would respond to a widespread infostealer attack affecting many endpoints simultaneously: which credentials and sessions would be revoked first, and how quickly. Adjust processes and priorities as needed to reflect the significance of infostealer attacks. And be sure to include infostealer scenarios in <a href="https://www.techtarget.com/searchsecurity/tip/How-to-conduct-incident-response-tabletop-exercises">incident response tests and exercises</a>.</p>
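<p>One concrete exercise for the review described above is triaging a stealer log: the credential dumps that surface on dark web markets, or that an EDR vendor or threat-intel feed hands over after an incident, arrive as bulk URL/username/password records and the response team has to decide, quickly, which accounts to lock first. The following Python is an added example and is not code from the original article. It parses a constructed dump in a simplified record format, maps each record to the organization's own assets, deduplicates, flags password reuse across sites and emits a prioritized action list. The corporate domain list, the privileged portal prefixes and the priority rules are assumptions for illustration.</p>

```python
"""Triage a leaked infostealer credential dump against corporate assets.

Added example, not part of the original article. The dump below is a
constructed simplification of the URL/username/password records found in
stealer logs; domains, portal prefixes and priorities are assumptions.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample dump (blank-line separated records).
SAMPLE_DUMP = """\
URL: https://sso.example.com/login
Username: alice@example.com
Password: Summer2024!

URL: https://vpn.example.com/
Username: alice
Password: Summer2024!

URL: https://admin.payroll-vendor.example.net/console
Username: alice@example.com
Password: Pay$roll99

URL: https://mail.personal-webmail.test/
Username: alice.personal@personal-webmail.test
Password: hunter2

URL: https://sso.example.com/login
Username: alice@example.com
Password: Summer2024!
"""

CORPORATE_DOMAINS = ("example.com",)                         # assumed: the org's own domains
CORPORATE_EMAIL_SUFFIXES = tuple("@" + d for d in CORPORATE_DOMAINS)
PRIVILEGED_HOST_PREFIXES = ("sso.", "vpn.", "admin.", "idp.")  # assumed: high-value portals


def parse_dump(text):
    """Parse 'Key: value' blocks separated by blank lines into dicts."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return records


def is_corporate(host):
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)


def is_privileged(host, username):
    return host.startswith(PRIVILEGED_HOST_PREFIXES) or username.lower().startswith("admin")


def triage(records):
    """Deduplicated findings sorted by priority (1 = act first)."""
    seen, findings = set(), []
    for r in records:
        host = urlparse(r.get("url", "")).hostname or ""
        user = r.get("username", "")
        key = (host, user.lower())
        if key in seen:
            continue
        seen.add(key)
        if is_corporate(host) and is_privileged(host, user):
            prio, action = 1, "disable account, revoke all sessions and tokens, reset password, verify MFA"
        elif is_corporate(host):
            prio, action = 2, "force password reset and revoke sessions"
        elif user.lower().endswith(CORPORATE_EMAIL_SUFFIXES):
            prio, action = 2, "third-party service used with corporate identity: rotate, notify service owner"
        else:
            prio, action = 3, "personal account: notify user, no corporate action"
        findings.append({"priority": prio, "host": host, "username": user, "action": action})
    return sorted(findings, key=lambda f: (f["priority"], f["host"]))


def password_reuse(records):
    """Passwords seen on two or more distinct hosts, mapped to those hosts."""
    hosts_by_password = defaultdict(set)
    for r in records:
        host = urlparse(r.get("url", "")).hostname or ""
        hosts_by_password[r.get("password", "")].add(host)
    return {p: sorted(h) for p, h in hosts_by_password.items() if len(h) >= 2}


if __name__ == "__main__":
    recs = parse_dump(SAMPLE_DUMP)
    for f in triage(recs):
        print(f"P{f['priority']} {f['host']:<40} {f['username']:<40} {f['action']}")
    for pw, hosts in password_reuse(recs).items():
        print(f"reused password across: {', '.join(hosts)}")
```

<p>The reuse check matters more than it looks: the same password appearing for the SSO portal and the VPN means a reset on one service alone leaves the other open, so the reset should cover every host sharing that secret. Session cookies in the same dump need the separate step of revoking sessions, because a password reset does not invalidate a cookie the attacker has already replayed.</p>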
</section>
<section class="section main-article-chapter" data-menu-title="How to detect and prevent infostealers">
<h2 class="section-title"><i class="icon" data-icon="1"></i>How to detect and prevent infostealers</h2>
<p>Detecting and preventing infostealers requires using all of the tools designed to […]</p>
</section>