October 4, 2024
|
Infostealers series
It may sound a bit crude, but we often compare infostealers to dog poop: they don’t come flying at you, but you simply step into them. In other words, infostealer infections are almost always the result of user behavior. At this stage, infostealer attacks are generally not yet targeted at specific organizations or users.
One of the most common ways devices become infected is through downloads of illegal versions of commercial software that contain hidden infostealers. Many people seek out these cracked versions to obtain expensive software for free, such as games, professional tools, and software packages. When installing this free software, the user often unknowingly installs an infostealer as well.
The distribution of infostealers is an industry of its own. Distributors cleverly use social media to reach their target audiences. A common example is the ads young gamers encounter, promoting ‘mods’ for their favorite games, which frequently contain infostealers. This also affects organizations, especially when parents share a computer with their child and that computer is also used for work.
Another example of infostealer distribution is the abuse of search engines. Distributors create realistic-looking copies of legitimate programs, tricking users into unknowingly downloading these fakes. They advertise these fake copies in search engines or use Search Engine Optimization (SEO) to ensure they appear high in the search results. For the less vigilant user, these fakes are hard to distinguish from the original software.
However, downloads aren’t the only risk. Infostealers are also spread via phishing. An employee might receive a seemingly innocent email with an attachment that appears to come from a trusted source. As soon as the attachment is opened and the program in the attachment is executed by the user, the infostealer is installed on the device.
Additionally, infostealers can spread through dubious websites. When users visit unsafe or suspicious websites, they may unknowingly download malware that infects their devices. This often happens through pop-up windows that prompt users to download a seemingly harmless file, which in reality is an infostealer.
To protect yourself and your organization from these dangers, it is crucial to increase awareness. Especially when it comes to downloading software, the lack of awareness is alarming.
Information security is gaining increasing attention in healthcare organizations. We spoke about this with a large healthcare organization in the south of the Netherlands. Information security is an important theme for them: they continuously map out vulnerabilities and implement improvements. One of the tools they use for this is Passguard. Why? We asked the CIO.
November 6, 2024
Infostealers are developed as Malware-as-a-Service (MaaS). This model allows cybercriminals without deep technical knowledge to gain access to advanced malware by simply paying for a subscription. This makes infostealers more accessible for a wider range of criminals to launch attacks without having to develop malware themselves.
October 18, 2024
In recent years, many organizations have implemented effective measures to secure their networks and reduce the risk of phishing attacks. As a result, the effectiveness of traditional attack methods has significantly decreased. This poses a major problem for cybercriminals, as their entire ecosystem relies on successful attacks.
October 18, 2024
.svg)
