Experts sound alarm on infostealer malware after login details exposed


“Someone, somewhere, is having data expelled from their machines while we speak,” says Volodimir Diachenko, co-founder of cybersecurity consultancy SecurityDiscovery.


Cybercriminals have intensified their efforts to steal and sell online passwords, experts warn. The alarm follows data sets containing billions of exposed account credentials.

The 30 data sets included 16 billion credentials across several platforms, including Apple, Google and Facebook, and were first reported by Cybernews researchers last week.

The exposures were identified over the course of this year by Volodimir Diachenko, co-founder of cybersecurity consultancy SecurityDiscovery, and are suspected to be the work of multiple parties.

“This is a collection of different data sets that appeared on my radar since the beginning of the year, but all shared the joint structure of URLs, logins and passwords,” Diachenko told CNBC.

According to Diachenko, all signs indicate that the leaked information is the work of “infostealers” – malware that extracts sensitive data from a device, including username and password information and web browser data.

While the login lists are likely to contain many duplicates, as well as out-of-date and incorrect information, the sheer volume of the findings puts into perspective how much sensitive data is on the web.

It should also raise alarms that infostealers have become a “cyber plague” today, Diachenko said. “Someone, somewhere, is having data taken out of their machines while we speak.”

Diachenko was able to detect the exposed data because its owners had temporarily indexed it on the web without a password lock. Inadvertently shared data leaks are often caught by SecurityDiscovery, but not on the scale that has been seen so far this year.

Infostealer threats on the rise

According to Simon Green, president of Asia-Pacific and Japan at Palo Alto Networks, the sheer scale of the 16 billion exposed credentials is alarming and certainly significant, but not entirely surprising to those on the front lines of cybersecurity.

“Many modern infostealers are designed with advanced evasion techniques, allowing them to circumvent traditional, signature-based security controls, which makes them harder to detect and stop,” he added.

Consequently, infostealer attacks have been on the rise. For example, in March, Microsoft Threat Intelligence discovered a malicious campaign using infostealers that hit almost a million devices globally.

Infostealers usually gain access to victims' devices by tricking them into downloading the malware, which can be hidden in anything from phishing e-mails to fake sites and search ads.

The motive behind infostealer attacks is usually financial, with attackers often looking to take over bank accounts, credit cards and cryptocurrency wallets or to commit identity fraud.

Cybercriminals can use stolen credentials and other personal data for purposes such as crafting highly persuasive, personalized phishing attacks and learning about individuals or organizations.


According to Palo Alto Networks' Green, the scale and danger of these types of infostealers have increased thanks to the growing prevalence of underground markets that offer “cybercrime-as-a-service,” in which suppliers charge customers for malicious tools, sensitive data and other illegal online services.

“Cybercrime-as-a-service is a critical hit here. It has basically democratized cybercrime,” Green said.

These underground markets – often hosted on the dark web – create demand for cybercriminals to steal personal data and then resell it.

In this way, data breaches become about more than just individual accounts – they represent a “huge, interconnected network of compromised identities” that can power subsequent attacks, said Green.

According to Diachenko, it is probable that at least some of the compromised user data he identified has been or will be traded online.

In addition, malware kits and other resources that can help facilitate infostealer attacks can be found on these markets.

CNBC has reported on how the availability of these tools and services has significantly lowered the technical barriers for aspiring criminals, enabling sophisticated attacks to be carried out on a massive global scale.

The report found that infostealer attacks increased by 58% in 2024.

What can be done

From a corporate perspective, it is important to adopt a “zero trust architecture” that not only continuously verifies the user, but also validates the behavior of devices and users, he added.

Governments have also been working harder to crack down on infostealer activity in recent months.

In May, the European Cybercrime Center said it had collaborated with Microsoft and global authorities to disrupt the “Lumma” infostealer, which it called “the most significant threat in the world.”

– This story has been updated to reflect the correct spelling of Volodimir Diachenko’s name.


