Infostealers Breach Australian Organizations on Large Scale

The Australian Cyber Security Centre (ACSC) has issued a warning to organizations about the increasing threat posed by malicious software known as infostealers. These programs are designed to collect confidential data from user devices, including passwords, bank cards, cryptocurrency wallets, browser information, cookies, and auto-filled forms. The data collected is then used by cybercriminals to gain access to corporate networks and systems.

Infostealers are often spread through phishing emails, pirated programs, and malicious links on various platforms, including social networks. Devices that are used for both work and personal purposes are particularly vulnerable, as they tend to have lower levels of security. This can lead to compromises in corporate networks and subsequent attacks such as extortion, business email compromise, and theft of intellectual property.

Australian companies allowing employees to work remotely from personal devices should be especially vigilant. ACSC investigations have shown that data breaches and serious network attacks have started with compromises on employees’ personal devices. Criminals have used stolen accounts to gain access to privileged information.

Infostealers are a crucial tool in cybercrime, providing attackers with an easy means to collect sensitive information. Some of these tools are sold using the malware-as-a-service model, making it simple for novice cybercriminals to launch targeted attacks.

Cybercriminals can use infostealers to remotely control devices and gather confidential information, which can then be sold on the black market or used for extortion and blackmail. Attackers can also deploy additional malware on already infected devices.

To mitigate the risk, ACSC recommends that organizations implement multifactor authentication (MFA), restrict access to privileged accounts, and educate employees on basic cybersecurity principles. This can help prevent phishing attacks and the inadvertent downloading of malware.

It is also important for organizations to monitor user activity, particularly that of employees working remotely, and promptly identify any anomalies. Implementing a Bring Your Own Device (BYOD) policy can enhance the security of personal devices used for work.

ACSC strongly advises organizations to develop an incident response plan and take necessary measures to safeguard against infostealer attacks.
