
Kaspersky: Over half of devices infected with data-stealing malware are corporate

by Madaline Dunn

Kaspersky Digital Footprint Intelligence research has revealed that corporate devices are facing a growing threat from info-stealers. 

In fact, data extracted from data-stealing malware log files available on the dark web shows that the share of corporate users compromised with such malware has increased by 34 percentage points since 2020.

In 2023, experts concluded that every second device (53 per cent) infected with credential-stealing malware was corporate, based on data indicating that the biggest share of info-stealer infections was found in the Windows 10 Enterprise version. 

Further, 21 per cent of employees whose devices were infected ran the offending malware repeatedly. 

Noting the dangers associated with malware, Kaspersky explained that after infecting a single device, cybercriminals can gain access to all accounts – both personal and corporate. 

On average, one log file contains credentials that use a corporate email as the login for 1.85 corporate web applications, including webmail applications, customer data processing systems, internal portals, and more, it shared.

Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence, commented: “We were curious to know if corporate users re-open malware, thereby allowing cybercriminals to again access data collected from a previously infected device without needing to infect it again.”

Shcherbel explained that to investigate this, the team examined a sample of log files containing data likely related to 50 banking organisations across various regions.

“We found 21% of employees reopened the malware again, and 35% of these reinfections occurred more than three days after the initial infection. This may indicate several underlying issues, including insufficient employee awareness, ineffective incident detection and response measures, a belief that changing the password is sufficient if the account has been compromised, and a reluctance to investigate the incident,” said Shcherbel.

In order to minimise the impact of a data leak caused by info-stealer activity, Kaspersky made a number of recommendations:

  • Change passwords for compromised accounts immediately and monitor them for suspicious activity;
  • Advise potentially infected users to run antivirus scans on all devices and remove any malware;
  • Monitor dark web markets to detect compromised accounts before they affect the cybersecurity of customers or employees;
  • Utilise Kaspersky Digital Footprint Intelligence to detect potential threats and take prompt action.
