Table of Contents
Lumu’s new report on the state of cybersecurity reveals that a majority of infostealer malware attacks recorded were in the USA.
Is the USA under siege? Which are the sectors being targeted and why?
Although worrying in themselves, infostealer attacks are often only a method to initially break down the defenses of your network and leave the doors open for other cyberattacks, such as ransomware. How can cyberdefenses defend against infostealer malware and its consequences?
First, it’s important to understand what infostealer malware is and how it works.
What Is Infostealer Malware?
Think of the most valuable information an organization holds on their computer network – it could be passwords, credit card numbers, trade secrets, sensitive personal information? These are the targets of infostealer malware.
This sensitive information can then be used or sold for malicious intent, such as financial gain, identity theft, or to further compromise your organization.
A variety of approaches are used to infiltrate an organization’s system with infostealer malware, from targeted phishing, to compromised websites, to infected files on USB drives.
These methods are often designed to bypass traditional defenses, such as firewalls and EDRs. They use a number of techniques to avoid detection and once installed can operate quietly in the background.
Infostealer malware then targets and extracts data using methods such as keylogging, email harvesting, and browser hijackers.
This year’s Snowflake supply chain attack showed how infostealers can have huge success in evading traditional defenses. Snowflake, a platform for data storage, was breached, allowing attackers to target numerous other companies that used their service.
This shows that infostealer malware might gain access to your system by compromising a third-party and selling your credentials on the dark web. This allows criminals to bypass your traditional security stack, for example disabling EDRs, and carry out their attack, such as installing ransomware. For this reason, constant vigilance and good network visibility is essential.
Why Is Infostealer Malware Targeting the USA?
Is the USA in the crosshairs of infostealer malware? How does the number of infostealer malware attacks compare to other countries?
Of infostealer attacks recorded by Lumu, 58.3% were in the USA – with 19.4% targeting Brazil, and the other 22.3% being spread across the rest of the Americas. This means that the USA is by far the biggest target of any country in the region – why?
Broadly speaking, we can surmise that there are three reasons for this:
- Economic value: as the biggest economy in the world, the USA is a prime target for cybercriminals who want to maximize their economic gain from an attack. Data such as credit card information and trade secrets can be sold at high prices on the dark web.
- Geopolitics: a number of enemy states and groups use cybercrime as a method to attack and undermine the USA politically, militarily, and financially.
- Technology: as a leader in technology, the USA has a large IT infrastructure and an openness to innovative technologies. This gives cyberattackers the opportunity to find weaknesses – especially in sectors that might not have large budgets for cybersecurity, such as education and healthcare.
Which US Sectors Suffer Most Due to Infostealer Malware?
Infostealer malware is a silent actor with major consequences. Many sectors suffer crippling attacks at the hands of this technique.
The top three sectors targeted, according to this year’s Lumu report, are Government, Finance, and Education.
Arguably finance is the least surprising, and given their larger cybersecurity budgets it can be argued they are well positioned to defend themselves. Nevertheless, when they have a breach it can be disastrous.
Infostealer malware also massively targets local government and education, and it can be particularly damaging in these sectors, for several reasons.
Why Local Government?
What makes local government an attractive target for infostealer malware?
Firstly, they keep sensitive data, such as personal information, and records for projects and infrastructure.
Secondly, the scope to cause large, expensive, and publicly embarrassing impact. Compromising critical infrastructure, like water, electricity, and transportation, can have significant societal and economic repercussions.
Finally, stretched budgets and financial pressures on local government often leads to smaller IT budgets compared to large corporations. This can result in stretched cybersecurity and outdated systems that are more vulnerable to attack.
What makes infostealer malware attacks on local government particularly dangerous?
These attacks can affect citizens’ basic necessities, such as water supply and energy, which can be costly to repair. They can also erode confidence in local government, further worsening the situation. Also the sensitive nature of the data held by government could be sold on the dark web for a variety of attacks on citizens, such as identity theft or fraud.
Why Education?
Educational institutions, from K-12 schools to universities, are increasingly the targets for infostealer malware.
Schools have a lot of sensitive data, arguably most importantly student records. Since they have no credit history, and are unlikely to check it for several years, cybercriminals often exploit this for financial gain.
The gigantic shift in recent years toward remote studying and reliance on technology for educational purposes means a huge increase in endpoints and applications being used. This opens up new lines of attack for cybercriminals to gain access.
What makes infostealer malware attacks on education particularly dangerous?
A cyberattack can have significant consequences for students, staff, and the institution as a whole. The young age of the students makes them vulnerable to exploitation. Attacks can disrupt education and even have long-term consequences on the finances of the school and loss of reputation.
How to Defend Against Infostealer Malware
Lumu’s Compromise Report for 2024 shows that threat actors are using infostealer malware to bypass traditional elements of the cybersecurity stack and compromise networks. The data further reveals how it can be a gateway for ransomware attacks.
Defending against these threats requires adaptability and vigilance. A solid security architecture, with a variety of techniques and approaches is essential, for example:
- Email scanning can be used to spot attempted phishing attacks and is a feature that is popular with our partners.
- Continuous network visibility reveals suspicious activity that might indicate an attempt to install infostealer malware or extract data.
- Automated threat response is crucial to stop threat actors before they can cause damage.
- Threat-informed defense is important in order to stay ahead of the criminals and act proactively to avoid breaches.
Read more about the latest cyberattack trends to look out for and the techniques to defend against them in The Lumu Compromise Report 2024.
