SpyCloud Reveals Malware Awareness Alone is Insufficient

By Greg Tavarez

Society today often finds itself engulfed in a fast-paced expansion of information, encompassing personal and professional aspects. The reason? Digital growth. This digital growth deluges the online world with a plethora of data about individuals, ranging from authentication credentials to personally identifiable information.

Despite being the architects of this digital domain and the technology it hosts, people struggle to match the lightning speed of its progression. Organizations and individuals grapple with the challenge of safeguarding new business practices. Meanwhile, cybercriminals face no such limitations: they adapt and innovate quickly, capitalizing on the evolving digital landscape to exfiltrate data and gain access long before any alarms are raised.

This relentless criminal ingenuity spawns an epidemic of cybercrime, inflicting its wrath on entities of all sizes. Predictions indicate that the cost of cybercrime will more than double over the next five years, soaring from an estimated global value of $11.5 trillion in 2023 to $23.82 trillion by 2028, according to Statista. Cyber incidents have emerged as the foremost risk to businesses, fueling apprehension and concern over potential disruptions.

With that said, of all the menacing cyber threats that haunt security leaders' minds, ransomware and malware loom largest. In fact, more than half of security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, according to a SpyCloud report. However, many lack the tools needed to investigate the security and organizational impact of these infections and to effectively mitigate follow-on attacks, with 98% indicating that better visibility into at-risk applications would significantly improve their security posture.

While increased visibility into stolen authentication details for SSO and cloud-based applications ranks high, human behavior continues to plague IT security teams. Let's take a deeper look:

  • 57% of organizations allow employees to sync browser data between personal and corporate devices. This enables threat actors to siphon employee credentials and other user authentication data through infected personal devices while remaining undetected.

  • 54% of organizations struggle with shadow IT due to employees' unsanctioned adoption of applications and systems. This creates gaps not only in visibility but also in basic security controls and corporate policies.

  • 36% of organizations allow unmanaged personal or shared devices to access business applications and systems. This opens the door for devices lacking robust security measures to access sensitive data and resources, and it minimizes the oversight security teams require for proper monitoring and remediation.

Actions like these inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details. According to SpyCloud research, every infection exposes access to an average of 26 business applications.

"Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords," said Trevor Hilligoss, Senior Director of Security Research at SpyCloud. "These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking, bypassing passwords, passkeys and even MFA."

The information in the research report shows that there is a clear need for security teams to implement a more robust, identity-centric Post-Infection Remediation approach to disrupt criminals before they use malware-exfiltrated data to further harm the business.

Post-Infection Remediation provides a framework of additional steps to existing incident response protocols, designed to shut down opportunities for ransomware and other targeted attacks by resetting the application credentials and invalidating session cookies siphoned by infostealer malware. This optimized remediation enables the SOC to seamlessly and comprehensively neutralize the risk of ransomware from these exposures.
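As an added illustration (not code from SpyCloud's report or product), the constructed Python model below shows why a password reset alone leaves a stolen session cookie valid, and how binding each cookie to a per-user "session generation" lets remediation invalidate every session an infostealer exfiltrated. The `SessionStore` class, its key and user names are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real service loads this from a secret store.
SECRET = b"constructed-demo-signing-key"


class SessionStore:
    """Minimal server-side session model. Every cookie is bound to the user's
    current session generation, so bumping the generation invalidates all
    previously issued cookies at once."""

    def __init__(self):
        self.generation = {}     # user -> current session generation
        self.password_hash = {}  # user -> password hash

    def issue_cookie(self, user):
        gen = self.generation.setdefault(user, 0)
        payload = f"{user}:{gen}:{secrets.token_hex(8)}"
        tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}:{tag}"

    def validate_cookie(self, cookie):
        """Return the user for a valid cookie, or None if it is forged or stale."""
        user, gen, nonce, tag = cookie.split(":")
        payload = f"{user}:{gen}:{nonce}"
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None                          # tampered or forged cookie
        if int(gen) != self.generation.get(user, 0):
            return None                          # cookie predates the last remediation
        return user

    def reset_password(self, user, new_password):
        # Placeholder hash for the demo; production code uses a slow password hash.
        self.password_hash[user] = hashlib.sha256(new_password.encode()).hexdigest()

    def remediate_infection(self, user, new_password):
        """Post-Infection Remediation: reset the credential AND invalidate live sessions."""
        self.reset_password(user, new_password)
        self.generation[user] = self.generation.get(user, 0) + 1


def demo():
    store = SessionStore()
    stolen = store.issue_cookie("alice")              # constructed: cookie an infostealer exfiltrated
    before = store.validate_cookie(stolen)            # 'alice': session is live
    store.reset_password("alice", "new-pass")
    after_pw_reset = store.validate_cookie(stolen)    # still 'alice': password reset alone is insufficient
    store.remediate_infection("alice", "newer-pass")
    after_remediation = store.validate_cookie(stolen) # None: stolen cookie is dead
    fresh = store.validate_cookie(store.issue_cookie("alice"))  # 'alice': new login works
    return before, after_pw_reset, after_remediation, fresh
```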

“To reduce the risk created by unauthorized account access, infected devices and human error, organizations need a new approach for detecting and remediating malware,” said Hilligoss.

Edited by Alex Passett