Information stealer malware, which threat actors use to steal passwords and other sensitive credential data, has flourished on underground criminal networks this year, according to research from Accenture’s Cyber Threat Intelligence team released Monday.
The use of infostealer malware has surged in recent months, allowing criminal actors to quickly gain access to usernames, passwords and cookies at a very low cost, the research showed.
By using a malware-as-a-service model, a small, unaffiliated actor can take part without the need for vast resources or technical expertise.
“Infostealer features are being modernized to focus on beating [multifactor authentication] through the theft of cookies, system data, user information and data from various MFA apps, allowing threat actors to increasingly target enterprises as opposed to private user logins,” Thomas Willkan, cyber threat intelligence consultant, Accenture, said via email.
Organizations need to make sure operating systems and software are fully updated, use antivirus software and train staff on how to spot suspicious emails, according to Paul Mansfield, cyber threat intelligence analyst and blog author at Accenture.
Several high-profile organizations fell victim to MFA-fatigue attacks, which involve multiple attempts, using stolen credentials, to log on to accounts that use MFA. Lapsus$, one of the most prolific threat actors this year, used MFA-fatigue attacks to launch several major campaigns.
Microsoft published threat research on Lapsus$ earlier this year showing the organization deployed malicious Redline password stealers to obtain passwords and session tokens.
The Department of Homeland Security’s Cyber Safety Review Board announced last week plans for a comprehensive review of Lapsus$.