Why MFA Can't Combat Growing Info Stealer Malware Attacks
Accenture Threat Intel Lead Howard Marshall on Watching Dark Web to Understand TTPs
According to Accenture Security's Cyber Threat Intelligence team, information stealer malware - malicious software designed to steal victim information, including passwords - has become one of the most discussed malware types on the cybercriminal underground in 2022.
"Our reconnaissance team started noticing back in about July of this year … increased chatter amongst cybercriminals in dark web forums around the utility of info stealers," says Howard Marshall, who leads Accenture Security's global cyber threat intelligence team. While "info stealers are not necessarily new," he says, "there's something different about info stealers now."
"We have found that criminal groups are utilizing new versions of info stealers to not just aim at individual accounts, which is what they've primarily been used for in the past, but to aim them at enterprises and large organizations to not just steal usernames and passwords, but to actually steal system data, cookies and other information necessary to bypass standard security protocols, things like MFA," Marshall says.
"Enterprises need to consider the fact that the threat actor is actually in your system. So creating any password changes is not necessarily going to defeat them. They're already present in the network, in the system. So folks should be thinking about understanding that a threat hunt is likely necessary or even an incident response engagement, more likely, to expel the threat actor before taking remedial steps to ensure an enterprise is secure," he says.
In this video interview with Information Security Media Group, Marshall discusses:
- How info-stealer malware is gaining popularity on the dark web amid the rise of MFA fatigue attacks;
- The TTPs used by the adversaries to deploy this malware;
- Practical steps organizations can take to mitigate the risk of MFA fatigue attacks and social engineering attempts.
Prior to joining Accenture, Marshall spent over 20 years working with the FBI before retiring as the deputy assistant director of the agency's Cyber Division. He held six other positions during his tenure, including special agent in charge of the Louisville Division.