What is hidden behind remote attacks on corporate networks?
The Australian Centre for Cyber Security (ACSC) is warning organizations of the growing threat from malware known as "infostealers." These programs collect sensitive data from users' devices, such as passwords, bank card and cryptocurrency wallet data, as well as information from browsers such as cookies and autofill forms. The collected data is then used by cybercriminals to gain access to corporate networks and systems.
Infostealers are often distributed through phishing emails, pirated programs, and malicious links on various platforms, including social networks. Devices used for both work and personal needs are especially vulnerable, which is associated with a lower level of security. This leads to compromised corporate networks and subsequent attacks such as extortion, compromise of business email, and theft of intellectual property.
Australian companies that allow their employees to work remotely from personal devices should be especially careful. Several incidents investigated by the ACSC showed that data breaches and serious attacks on corporate networks began with the compromise of employees' personal devices. Criminals used stolen credentials to gain access to privileged accounts.
Infostealers play a key role in cybercrime, becoming a simple tool for attackers with limited technical skills. Some of them are sold on a "Malware-as-a-Service" (MaaS) model, which allows novice cybercriminals to attack targeted systems with ease.
Cybercriminals can remotely control victims' devices by using infostealers to collect sensitive information, including files and passwords. The obtained data is often sold on shadow markets or used for extortion and blackmail. Attackers can also run other types of malware on already infected devices.
To reduce risk, the ACSC recommends that organizations implement multi-factor authentication (MFA), restrict access to privileged accounts, and regularly train employees on the basics of cybersecurity. This will help prevent phishing attacks and accidental malware downloads.
It is also important to monitor user activity, especially those who work remotely, and identify anomalies in a timely manner. Organizations are advised to implement "Bring Your Own Device" (BYOD) policies to improve the security of employees' personal devices that are used for work.
The ACSC strongly recommends that organizations prepare an incident response plan and take the necessary steps to protect against infostealer attacks.
Source
The Australian Centre for Cyber Security (ACSC) is warning organizations of the growing threat from malware known as "infostealers." These programs collect sensitive data from users' devices, such as passwords, bank card and cryptocurrency wallet data, as well as information from browsers such as cookies and autofill forms. The collected data is then used by cybercriminals to gain access to corporate networks and systems.
Infostealers are often distributed through phishing emails, pirated programs, and malicious links on various platforms, including social networks. Devices used for both work and personal needs are especially vulnerable, which is associated with a lower level of security. This leads to compromised corporate networks and subsequent attacks such as extortion, compromise of business email, and theft of intellectual property.
Australian companies that allow their employees to work remotely from personal devices should be especially careful. Several incidents investigated by the ACSC showed that data breaches and serious attacks on corporate networks began with the compromise of employees' personal devices. Criminals used stolen credentials to gain access to privileged accounts.
Infostealers play a key role in cybercrime, becoming a simple tool for attackers with limited technical skills. Some of them are sold on a "Malware-as-a-Service" (MaaS) model, which allows novice cybercriminals to attack targeted systems with ease.
Cybercriminals can remotely control victims' devices by using infostealers to collect sensitive information, including files and passwords. The obtained data is often sold on shadow markets or used for extortion and blackmail. Attackers can also run other types of malware on already infected devices.
To reduce risk, the ACSC recommends that organizations implement multi-factor authentication (MFA), restrict access to privileged accounts, and regularly train employees on the basics of cybersecurity. This will help prevent phishing attacks and accidental malware downloads.
It is also important to monitor user activity, especially those who work remotely, and identify anomalies in a timely manner. Organizations are advised to implement "Bring Your Own Device" (BYOD) policies to improve the security of employees' personal devices that are used for work.
The ACSC strongly recommends that organizations prepare an incident response plan and take the necessary steps to protect against infostealer attacks.
Source
