SpyCloud's latest research highlights the growing threat of infostealers: malware built to harvest digital identity data, login credentials, and session cookies from infected machines. According to the report, infostealers were involved in 61% of all data breaches in the past year, and 343.78 million credentials were stolen. This data often ends up on the dark web, where it fuels further attacks. Alarmingly, one in five individuals has been affected by an infostealer infection, and each infection exposes 10-25 credentials for third-party business applications, giving ransomware operators ready-made footholds.
The report also draws a clear connection between infostealers and ransomware attacks. Companies with employees infected by infostealer malware are significantly more likely to face ransomware incidents. Nearly one-third of organizations that experienced a ransomware attack last year had previously dealt with an infostealer infection. The rising sophistication of these attacks, including the use of advanced encryption and session hijacking, makes it increasingly difficult for businesses to detect and prevent them.
The rise of Malware-as-a-Service (MaaS) has further exacerbated the infostealer threat. MaaS lets even low-skilled cybercriminals deploy sophisticated malware, and the result is a surge in account takeover (ATO) attacks. Where a traditional ATO replays a stolen username and password at the login page, a next-generation ATO replays a stolen session cookie: the attacker inherits a session that the victim already authenticated, so the login prompt, and any MFA challenge attached to it, is never seen. SpyCloud reported recapturing over 5.4 billion stolen cookie records in just the last 90 days, which shows the scale of the problem. Traditional defenses fall short here: antivirus that misses the stealer does nothing, and MFA protects only the login step, not a valid session that has already left the victim's browser.
SpyCloud's findings emphasize the need for next-generation cybersecurity measures. Malware mitigation on the endpoint alone is no longer sufficient, because modern infostealers can evade antivirus and sidestep MFA by reusing sessions that were authenticated before the theft. Organizations need to remediate the long-term risk posed by exposed data: reset compromised credentials and, just as importantly, invalidate the associated session cookies on the server side. A password reset on its own does not stop an attacker who still holds a valid cookie; the existing sessions have to be revoked too. By closing both gaps, businesses reduce the risk of follow-on attacks such as ransomware.
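To make the cookie-replay mechanism and the remediation gap concrete, here is an added example (hypothetical code written for this article, not SpyCloud's or any vendor's) of a minimal server-side session store. It shows why a cookie lifted by an infostealer keeps working after a password-only reset, and how a per-user session generation counter revokes every outstanding session at once. The user names, passwords, timestamps and the `SessionStore` API are all constructed for illustration; the password hashing is a placeholder, not a recommendation.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    password_hash: str
    session_generation: int = 0   # bumped to invalidate every outstanding session at once


@dataclass
class Session:
    username: str
    generation: int               # owner's session_generation when the cookie was issued
    expires_at: float


class SessionStore:
    """Minimal server-side session store (hypothetical example, not production code)."""

    def __init__(self, ttl_seconds: float = 8 * 3600):
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, Session] = {}   # sha256(cookie) -> Session
        self.ttl = ttl_seconds

    @staticmethod
    def _hash_password(password: str) -> str:
        # Placeholder only; a real system uses a slow hash such as argon2 or bcrypt.
        return hashlib.sha256(("user-pw:" + password).encode()).hexdigest()

    @staticmethod
    def _key(cookie: str) -> str:
        # Only a hash of the cookie is stored, so a dumped session table
        # does not hand out replayable cookies.
        return hashlib.sha256(cookie.encode()).hexdigest()

    def register(self, username: str, password: str) -> None:
        self.users[username] = User(self._hash_password(password))

    def login(self, username: str, password: str, now: float) -> Optional[str]:
        """The password (and, in a real app, MFA) is checked only here."""
        user = self.users.get(username)
        if user is None or user.password_hash != self._hash_password(password):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[self._key(cookie)] = Session(username, user.session_generation, now + self.ttl)
        return cookie

    def validate(self, cookie: str, now: float) -> Optional[str]:
        """Per-request check. Nothing here re-verifies the password or MFA, which is
        why a cookie lifted from an infected browser works from anywhere until it
        expires or is revoked."""
        sess = self.sessions.get(self._key(cookie))
        if sess is None:
            return None
        user = self.users[sess.username]
        if now >= sess.expires_at or sess.generation != user.session_generation:
            self.sessions.pop(self._key(cookie), None)
            return None
        return sess.username

    def revoke_all_sessions(self, username: str) -> None:
        # Incrementing the generation invalidates every cookie issued under the
        # old one without having to enumerate them.
        self.users[username].session_generation += 1

    def reset_password(self, username: str, new_password: str, revoke_sessions: bool) -> None:
        self.users[username].password_hash = self._hash_password(new_password)
        if revoke_sessions:
            self.revoke_all_sessions(username)


def replay_scenario() -> Dict[str, bool]:
    """Walk through the remediation gap described above, on constructed data."""
    store = SessionStore()
    store.register("alice", "correct horse battery staple")
    t0 = 1_700_000_000.0
    victim_cookie = store.login("alice", "correct horse battery staple", now=t0)
    stolen_cookie = victim_cookie          # exfiltrated by an infostealer (constructed)

    results = {}
    results["replay_works_initially"] = store.validate(stolen_cookie, now=t0 + 60) == "alice"

    # Password-only remediation: the stolen cookie is still valid.
    store.reset_password("alice", "new password 1", revoke_sessions=False)
    results["replay_survives_password_only_reset"] = store.validate(stolen_cookie, now=t0 + 120) == "alice"

    # Full remediation: reset plus server-side session revocation.
    store.reset_password("alice", "new password 2", revoke_sessions=True)
    results["replay_blocked_after_revocation"] = store.validate(stolen_cookie, now=t0 + 180) is None

    # The legitimate user logs in again with the new password and gets a fresh session.
    fresh = store.login("alice", "new password 2", now=t0 + 240)
    results["fresh_login_works"] = fresh is not None and store.validate(fresh, now=t0 + 300) == "alice"

    # Expiry alone also bounds the damage, but only after the full TTL has elapsed.
    results["fresh_cookie_expires"] = store.validate(fresh, now=t0 + 240 + store.ttl) is None
    return results


if __name__ == "__main__":
    for check, ok in replay_scenario().items():
        print(f"{check}: {ok}")
```

The generation counter is the piece worth copying: it lets a credential reset, a "report compromise" button, or a SpyCloud-style exposure alert kill every session for a user in one write, with no need to track which cookie the attacker holds. Short TTLs help too, but only bound the window; they do not close it.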