A recent surge in password-stealing malware has security analysts warning of possible credential theft, especially for organizations that do not have the right protections in place. Malware is different from typical brute-force threats. Users infected with password-stealing malware will still expose their password even after changing it. Administrators can take several steps to stop it, and individuals should be aware of the primary ways malware can infect their devices and silently steal passwords.
Password Stealing Malware is Difficult to Eradicate
In a brute-force attack, automated attempts to authenticate into an application eventually find vulnerable accounts. Using dictionary lists, attackers can automate authentication attempts on thousands of accounts unhindered if the system does not detect and stop them. Malware, however, runs directly on the user’s device and could potentially spread across the network undetected for months.
Malware running on a device can steal any data from user input. The input could be on a web page, a corporate application, or in email. As the user enters information on their device, malware can eavesdrop and send it to an attacker-controlled server. Usually, malware looks for passwords and accounts, but keyloggers record every keystroke and send it to an attacker. It also sends information about the application where the user entered their password.
Stealing passwords isn’t the only danger from malware. Malware can silently download ransomware, rootkits, viruses, and other malicious application and automatically install it on the user’s device. Sophisticated malware is difficult to detect, so it can take months for administrators or the device owner to detect malicious applications.
Read: Password Best Practices
Credential Theft Leaves Corporate Environments Vulnerable to Data Breaches
With malware-stealing applications, an attacker can collect potentially thousands of credentials to give them access to a corporate network. With a list of credentials, an attacker launches an automated attempt to authenticate into your network. Credential stuffing can be used to determine which accounts are legitimate and active, so that an attacker can compromise the network environment and eavesdrop on data, eventually stealing it from critical systems.
Without the proper cybersecurity protections in place, an attacker can freely log in to any publicly available system. Most organizations have remote access capabilities, and this technology would give an attacker full access to sensitive data using a high-privilege user account.
Any publicly (cloud-based) system would be vulnerable to credential theft and credential stuffing. An organization should have cybersecurity systems in place that detect credential stuffing and stop it, but there are several other ways to protect against password-stealing malware and stop the aftermath should a user fall victim to a phishing attack.
Sign up for a FREE Demo of SpamTitan to learn how it works to block malware.
Book Free Demo
Protecting Systems from Malware
Most password-stealing malware has several components. The first is the installing process, and the next step is to silently collect data from the user’s device. With enough data collected, the malware then sends data to an attacker-controlled server where it’s then accessible to anyone with access to the server.
Antivirus applications are a must in cybersecurity for any individual or corporate machine. They are also a component in compliance, so every organization should have antivirus installed on devices to protect sensitive data. The antivirus application should be upgraded immediately when developers deploy new versions and updates so that any new malware will be detected before it loads into the device’s memory.
Email filters are also a must to stop malware from installing on a device via email messages. Phishing emails are the primary strategy attackers use to trick users into installing malware onto their device. Good email filters detect malicious file attachments and links to malicious websites and quarantine them for further review. This technology stops most of the phishing and malicious email messages used to install malware and should be implemented for any incoming and outgoing messages.
Two-factor authentication (2FA) does not stop malware from installing on a device, but it does stop attackers from using stolen credentials after a successful compromise and data breach. Administrators can then place logging systems to detect credential stuffing and any frequent authentication failures to determine if a user was the victim of a compromise and disclosed credentials to an attacker.
Staying Proactive is Key Defense Against Malware
Whether it’s password-stealing malware or malicious software that steals data, the key to stopping it is staying proactive. Implement email cybersecurity so that malware never reaches user inboxes, and keep antivirus and other device protections installed. Once malware installs on a device, it can be difficult to detect and eradicate. Staying proactive will stop most malware from interfering with your business continuity and productivity.
Sign up for a FREE Demo of SpamTitan to learn how it works.
Book Free Demo