Cyber security organisation Kela have released their findings showing almost 20 million bots actively selling compromised information online. This number reflects the findings from a single marketplace, which suggests that the number of compromised hosts distributing malware and exfiltrating sensitive information is actually much higher
Information stealing bots (infostealers) are a type of malware aimed at stealing sensitive information. This includes personally identifiable information, credentials, financial information or network logs.
Once stolen, typically through the use of a mass deployed botnet, the information is then advertised for sale on forums found on the dark web such as RussianMarket, TwoEasy or even the Clearnet through Telegram.
Police agencies are aware of various infostealers and of emerging and established threats which businesses and individuals may encounter.
Complimenting these efforts, cybersecurity and threat intelligence provider Kela have produced a report based upon their research to advise the community on the emerging infostealers posing a risk to organisations worldwide.
Kela highlight that the most popular/successful infostealers to date have been Redline, Raccoon, Vidar and META, whilst also evidencing the growing threat from Titan stealer, LummaC2, Stealc and WhiteSnake.
The assessment was made based upon the source of the logs found on the aforementioned marketplaces.
Once purchased, a threat actor may seek to use the information to further exploit a found vulnerability.
From this list of threats, Titan stealer is potentially posing a more targeted threat to UK organisations.
The nature of these attacks are typically widespread without specific targeting, utilising botnets of compromised hosts to target machines based on susceptibility.
Because of this, the threat to organisations is not just the targeting of official systems but also home network devices which can be compromised to allow a threat actor to further enumerate the victim before pivoting from their personal devices to a force network if given the opportunity.
Remediation & Mitigation
The threat posed above can be mitigated through the implementation of a security-driven bring your own device (BYOD) policy, advice to personnel on how to manage the security of their personal devices and ensuring that the VPNs employed to enable work from home are maintained with the latest updates.
This is essential to avoid exploitation of existing vulnerabilities and facilitating access to organisational networks.
If you're worried about bots, malware or your business's cyber security in general, contact us for guidance. We also have various affordable services available to you, and we can put you in touch with our Cyber Essentials Partners if you require Cyber Essentials, Cyber Essentials+, tech advice or disaster recovery.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to email@example.com. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).