Infostealers: today’s shortcut to obtain your data


The first infostealer was discovered more than 15 years ago, targeting passwords and financial information. Infostealers now operate as malware-as-a-service (MaaS) and steal far more than passwords. They often evade antivirus detection thanks to constant updates and self-removal after the data has been stolen. That is why the user may not suspect that they have fallen into a trap.
So, what data do we risk "sharing" if we get infected with an infostealer?
The most notable items are:
- Credentials from all browsers;
- System information about the host;
- Access tokens to Discord, Telegram, Steam;
- Session cookies;
- FTP/SSH accounts;
- VPN credentials;
- Crypto wallets;
- Autofills from all browsers;
- Installed software on the host;
- Documents on the desktop, etc.
Quite a lot, right? Essentially, it is a backup of your most sensitive and critical data, but one sent to the attacker's server. At FS Group, we have researched infostealers for 3 years and have seen a sharp rise in stolen data between 2020 and 2021, and it continues to grow today. Why? Because it is cheap and effective to operate: deploying an infostealer can cost nothing or only a few hundred dollars, while access to servers with stolen data costs around $150/month.
Common infection channels include unlicensed programs and phishing attacks, but infostealers are also often found inside the archives of stolen data themselves (yes, criminals deceive other criminals).
We often get the question: what is the difference between a data leak/breach and infostealer data theft? Doesn't monitoring data leaks mean monitoring stolen data as well? Both involve the exposure of confidential information, but in a data breach the affected company or domain is usually disclosed. In infostealer thefts, logs are posted without details about the companies or domains involved, which makes them harder to detect. The types of data inside a leaked database and inside infostealer logs are also completely different, and the approach to processing each of them varies.
That is why at FS Group we have developed the product Steal Insight, which is designed to solve problems related to infostealer threats.
The illustrative part of Steal Insight Dashboard

This tool securely collects and analyzes publicly available stolen logs, sorting them by OS, country, domain, etc. on the Steal Insight Dashboard. It tracks FTP accounts, desktop files, crypto wallets, and more, and also monitors whether accounts have been listed for sale online. The goal is to put this data under monitoring so that, if an incident occurs, you know when, by whom and how the data was stolen.
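The domain-level triage behind such monitoring, as an added example that is not FS Group's or Steal Insight's code: it assumes stealer records in the common URL:LOGIN:PASSWORD layout without ports in the URL, uses constructed sample lines, and matches both the site host and the login's mail domain against a monitored domain, reporting hits without ever exposing the password itself.

```python
from urllib.parse import urlparse

# Constructed sample records in the assumed URL:LOGIN:PASSWORD layout; not real data.
SAMPLE_LOG = """\
https://mail.example.com/owa/:alice@example.com:Winter2024!
https://vpn.example.com/login:bob:pa:ss:word
https://example-shop.test/account:carol@example.com:hunter2
https://github.com/login:dave@other.test:abc123
https://mail.example.com/owa/:alice@example.com:Winter2024!
notaurl
"""

MONITORED_DOMAINS = {"example.com"}  # assumed: the organisation's own domain(s)


def parse_record(line):
    """Split URL:LOGIN:PASSWORD; the URL ends at the first ':' after '://' (no ports)."""
    line = line.strip()
    scheme = line.find("://")
    if scheme == -1:
        return None
    url_end = line.find(":", scheme + 3)
    if url_end == -1:
        return None
    login, sep, password = line[url_end + 1:].partition(":")  # password keeps any further ':'
    if not sep or not login:
        return None
    return line[:url_end], login, password


def in_scope(host, login):
    """Match the site host (including subdomains) or the login's mail domain."""
    mail_domain = login.lower().rpartition("@")[2] if "@" in login else ""
    return any(host == d or host.endswith("." + d) or mail_domain == d
               for d in MONITORED_DOMAINS)


def triage(log_text):
    """Return de-duplicated hits; passwords are reported only by length, never shown."""
    hits, seen = [], set()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        url, login, password = rec
        host = (urlparse(url).hostname or "").lower()
        if not host or not in_scope(host, login) or (host, login.lower()) in seen:
            continue
        seen.add((host, login.lower()))  # the same account in several logs counts once
        hits.append({"host": host, "login": login, "password_len": len(password)})
    return hits
```

Each hit identifies a host and account that need a password reset and session revocation; the sample deliberately includes a third-party site matched only through the corporate e-mail address, since stealer logs carry no company label of their own.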
According to the latest infographic by our analysts, the top 5 European countries where infostealers stole the most data are Spain, Germany, France, Italy and Romania, but the threat is global.
So how to prevent this threat and protect yourself if the theft happened?
Proactive protection starts with vigilance towards the emails you receive, avoiding interaction with suspicious attachments, and using licensed software; this is the foundation.
If an incident has already taken place, you will most likely not learn about it immediately unless you use monitoring tools. Stolen credentials can be used during an escalation to gain access to more resources, potentially leading to database access and even larger leaks.
To prevent escalation, it is necessary to isolate the affected host and perform a security audit of the company's network. The Steal Insight tool provides information on exactly which stealer was involved in your case and which specific host was affected, together with all the accompanying stolen information.
You can use a free one-time check of your domain and emails until 31.12.2024 to find out whether you have ever been affected by an infostealer and to get further advice in case your digital assets were stolen. To apply for a check, please use the form below:
Free domain check by FS Group.
Stay safe and contact FS Group if you are interested in evaluating the full potential of integrating Steal Insight into your cyber security strategy.