A Surge in Infostealer Malware: Misappropriated Logs on...

Recent security research has revealed a significant increase in misappropriated logs on the Russian Market online marketplace, with a staggering surge of 670%. The report sheds light on the thriving market for infostealer malware, which plays a crucial role in facilitating cybercriminal activities, including ransomware attacks.

What is Infostealer Malware?

Infostealers are a popular choice for cybercriminals seeking rapid access to businesses and immediate monetization. Ready-made infostealers are available for purchase and can yield collected credentials and sensitive information within minutes of infection. As cybercriminals employ increasingly sophisticated methods to deceive users, detecting and removing these threats becomes more and more challenging for victims.

One key factor that has changed the landscape for infostealers is the improvement in techniques used by criminals to trick users into installing them, such as by using fake messaging applications and cloned websites. Additionally, the development of dedicated marketplaces for the sale and purchase of collected data has made it even harder for victims to detect and remove infostealer malware.

According to the Secureworks report, the number of logs available for sale on the Russian Market has surged by 150% in less than nine months, reaching over five million in late February 2023 compared to two million logs in June 2022. This represents a growth rate of 670% in approximately two years.

Infostealer Goes Underground

The underground economy surrounding infostealers has created an environment where even relatively low-skilled threat actors can participate, making it potentially lucrative for them. Law enforcement actions against platforms like the Genesis Market and the Raid Forums have shifted log trading to dedicated Telegram channels. However, Genesis Market's Tor site remains operational despite arrests and domain takedowns.

Furthermore, there is a growing market for after-action tools that aid in log parsing, catering to the increasing demand as the availability of infostealers and logs expands.

To defend your devices against the threat of infostealers, it is essential to implement multi-factor authentication to minimize the impact of credential theft. It is crucial to be cautious about installing third-party software and to ensure that its source is trustworthy. Lastly, comprehensive monitoring across host, network and cloud environments is just as vital for a successful defense against infostealers.