SpyCloud Reveals Malware Awareness Alone is Insufficient

SpyCloud Reveals Malware Awareness Alone is Insufficient

By Greg Tavarez

Society today often finds itself engulfed in a fast-paced expansion of information, encompassing personal and professional aspects. The reason? Digital growth. This digital growth deluges the online world with a plethora of data about individuals, ranging from authentication credentials to personally identifiable information.

Despite being the architects of this digital domain and the technology it hosts, people struggle to match the lightning speed of its progression. Organizations and individuals grapple with the challenge of safeguarding new business practices. Meanwhile, cybercriminals face no such limitations as they swiftly adapt and innovate, capitalizing on the evolving digital landscape to swiftly exfiltrate data and gain access, long before any alarms are raised.

This relentless criminal ingenuity spawns an epidemic of cybercrime, inflicting its wrath on entities of all sizes. Predictions indicate that the cost of cybercrime will more than double over the next five years, soaring from an estimated global value of $11.5 trillion in 2023 to $23.82 trillion by 2028, according to Statista. Cyber incidents have emerged as the foremost risk to businesses, fueling apprehension and concern over potential disruptions.

With that said, of all the menacing cyber threats that haunt security leaders' minds, ransomware and malware looms largest. In fact, more than half of security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, according to a SpyCloud report. However, many lack the tools that are needed to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks – with 98% indicating better visibility into at-risk applications would significantly improve their security posture.

While increased visibility into stolen authentication details for SSO and cloud-based applications ranks high, human behavior continues to plague IT security teams. Let's take a deeper look:

  • 57% of organizations allow employees to sync browser data between personal and corporate devices. This enables threat actors to siphon employee credentials and other user authentication data through infected personal devices while remaining undetected.
     
  • 54% of organizations struggle with shadow IT due to employees’ unsanctioned adoption of applications and systems. This creates gaps not only in visibility but also in basic security controls and corporate policies.
     
  • 36% of organizations allow unmanaged personal or shared devices to access business applications and systems. This opens the door for devices lacking robust security measures to access sensitive data and resources and minimizing oversight security teams require for proper monitoring and remediation.

Actions like these inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details. According to SpyCloud research, every infection exposes access to an average of 26 business applications.

"Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords,” said Trevor Hilligoss, Senior Director of Security Research at SpyCloud. “These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking – bypassing passwords, passkeys and even MFA."

The information in the research report shows that there is a clear need for security teams to implement a more robust, identity-centric Post-Infection Remediation approach to disrupt criminals before they use malware-exfiltrated data to further harm the business.

Post-Infection Remediation provides a framework of additional steps to existing incident response protocols, designed to shut down opportunities for ransomware and other targeted attacks by resetting the application credentials and invalidating session cookies siphoned by infostealer malware. This optimized remediation enables the SOC to seamlessly and comprehensively neutralize the risk of ransomware from these exposures.

“To reduce the risk created by unauthorized account access, infected devices and human error, organizations need a new approach for detecting and remediating malware,” said Hilligoss.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

LogMeIn Rescue, to the Rescue: Forrester Studies GoTo's Support Capabilities

By: Alex Passett    9/22/2023

Over a period of three years, a Forrester Total Economic Impact (TEI) study examined the business and financial benefits of LogMeIn Rescue, a flagship…

Read More

Canadian Managed IT Services Gear Up for Cybersecurity Awareness Month

By: Contributing Writer    9/22/2023

October, prominently known as Cybersecurity Awareness Month, is an annual observance and an intensified rally for Canada's premier IT service provider…

Read More

ITEXPO Exhibitor RingLogix Looks to TeamMate to Open New Possibilities for MSPs

By: Greg Tavarez    9/21/2023

The RingLogix and TeamMate collaboration enables MSPs to get the most out of Microsoft Teams as a collaboration solution.

Read More

Acronis Introduces Advanced Automation for MSPs

By: Stefania Viscusi    9/21/2023

Acronis Advanced Automation addresses a common challenge faced by MSPs, the increasing complexities businesses face with so many different initiatives…

Read More

Comprehensive Cybersecurity Solutions: Rackspace Taps Palo Alto Networks

By: Alex Passett    9/20/2023

Strengthening organizations' abilities to stay ahead of progressively evolving cyber threats and attackers is key. That's why Rackspace Technology has…

Read More