According to research from the Cyber Threat Intelligence team, both information-stealer malware and MFA fatigue attacks are on the rise.
Information stealers (infostealers) are malicious software packages designed to steal information.
In MFA fatigue, an attacker floods an end user's device with notifications to approve a login attempt. The goal is to tire the end user out so they approve a login request.
The report states that there has been a rise in compromised credential marketplaces and a shift toward private sales for quality logs in order to take advantage of the demand.
More Lucrative Than Ransomware
According to Timothy Morris, chief security advisor at Tanium, infostealers may be flourishing because extortion is thriving and is more lucrative and simpler than ransomware.
He explained that most people think of extortion as holding an enterprise's data hostage or threatening to leak the stolen data during or after a ransomware attack. Threats to leak the data of individuals or entities contained in the exfiltrated data are the third level.
He said that the third layer of extortion can be arrived at by stealing the information.
Morris said that the same skills and infrastructure used to write a banking trojan can be modified and used in an infostealer campaign. Criminals are good at evading detection and have modernized how they do it.
Patrick Tiquet, vice president of security and architecture at Keeper Security, pointed out that cyberattacks are constantly evolving and that, as they continue to grow in sophistication and volume, intrusions that combine both phishing and social engineering are becoming more common.
It’s difficult to detect these types of attacks when they mimic legitimate user activity.
He noted that a recent trend involves criminals trying to intercept email and text messages with a one-time password.
The user can be bombed with MFA requests until they become so tired that they accept one, either accidentally or purposely.
MFA is still a best practice for protecting your passwords against these types of attacks, but not all methods are created equal and none are impervious to them. It is important to use a password manager with a zero-trust architecture as the first line of defense.
A password manager will create high-strength random passwords for every website, application and system to make it harder for a bad actor to get into them.
Password managers will allow strong forms of two-factor authentication, such as an authenticator app, to protect against remote data breaches.
The chief security scientist and advisory CISO at Delinea said that MFA fatigue has increased as more organizations enforced it for their employees.
He said that getting the balance right between security and productivity is always a fine line and that it results in cybersecurity fatigue. It has always been a problem for employees to be prevented from accessing legitimate business applications because of security.
It’s important to find the right balance between security and productivity, and moving more security controls into the background is necessary. Those background controls can continue to verify both the authorization and the verification of the push notification, for example by checking whether the request comes from the same location.
He says that using privileged access management to ensure strong, unique passwords for every account makes it harder for attackers to abuse MFA fatigue.
Security pros must always take a defense-in-depth approach to cybersecurity, and that’s why they use MFA. He said that they should move as much security as they can into the background so that it becomes usable.
It’s important for employees to know how to identify suspicious push notifications.
It is equally important for employees to be trained to identify suspicious emails and text messages that could be used to install malicious software into critical systems, prevent user access and steal sensitive data.
He said that employees should know about MFA bombing so they can escalate the issue to IT instead of accidentally giving a cybercriminal access to their accounts.
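
The MFA fatigue pattern described above (a flood of push prompts that ends in one approval) and the background check on request location can be turned into detection logic; this is an added example, not part of the original article. The event fields, thresholds, location baseline and sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, push result, source location.
SAMPLE_EVENTS = [
    ("2023-01-10T02:14:05", "alice", "denied",   "RO"),
    ("2023-01-10T02:14:40", "alice", "timeout",  "RO"),
    ("2023-01-10T02:15:10", "alice", "denied",   "RO"),
    ("2023-01-10T02:15:55", "alice", "timeout",  "RO"),
    ("2023-01-10T02:16:30", "alice", "approved", "RO"),
    ("2023-01-10T09:00:12", "bob",   "approved", "US"),
    ("2023-01-10T09:30:00", "carol", "denied",   "US"),
    ("2023-01-10T13:02:00", "carol", "approved", "US"),
]
USUAL_LOCATION = {"alice": "US", "bob": "US", "carol": "US"}  # assumed baseline

WINDOW = timedelta(minutes=10)   # assumed look-back window
MAX_PROMPTS = 4                  # assumed: unanswered prompts that count as a flood


def detect_mfa_fatigue(events, usual_location, window=WINDOW, max_prompts=MAX_PROMPTS):
    """Return alerts for push floods and for approvals that end a flood."""
    recent = defaultdict(deque)   # user -> times of recent denied/timed-out prompts
    alerts = []
    for ts, user, result, location in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:      # drop prompts outside the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(now)
            if len(q) == max_prompts:         # alert once, when the threshold is hit
                alerts.append((ts, user, "push_flood"))
        elif result == "approved":
            if len(q) >= max_prompts:         # approval right after a flood
                new_place = usual_location.get(user) != location
                kind = "approved_after_flood"
                if new_place:                 # request came from an unusual location
                    kind += "_new_location"
                alerts.append((ts, user, kind))
            q.clear()                         # a successful login resets the counter
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS, USUAL_LOCATION):
        print(alert)
```

An approval that follows a flood is the event worth escalating to IT, since it is the point at which a tired user may have let the attacker in.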