When threat actors get their hands on legitimate corporate credentials, blocking unauthorized intrusions becomes far more challenging. Yet that’s exactly what’s happening across the globe, thanks to the growing popularity of infostealer malware. The result feeds the criminal supply chain with stolen data—fuelling follow-on fraud against customers and major financial and reputational damage for breached organizations.
There’s no simple resolution to the worsening infostealer epidemic. But fortunately, there is something that organizations can do to protect their data.
The cybercrime supply chain
Infostealer malware does what it says on the tin. Once deployed on a targeted machine, it will look for and exfiltrate files, crypto-wallet assets, credentials, session cookies and much more besides. Theft of credentials is particularly worrisome for CISOs if they haven’t enforced multi-factor authentication (MFA) for users, as it enables malicious third parties to covertly masquerade as legitimate employees—gaining access to internal accounts and networks.
When combined with generative AI and living-off-the-land techniques, infostealers can help threat actors scale up silent intrusions to rapidly carry out data breaches and ransomware attacks.
The surge in infostealer use has been well documented over recent months. One threat intelligence provider claims to have recorded a 50% annual increase in infostealer logs posted to the dark web in 2024. Another says it observed a 58% annual increase in infostealer attacks in 2024, with over 10 million stolen credentials associated with EMEA organizations available for sale on the dark web. A third recent analysis of one million malware samples notes that credentials from password stores appear in 29% of those samples.
A mega breach at retailer Hot Topic revealed last October is just one notable example of the damage infostealers can do. An estimated 1.3 billion breach notifications were emailed to victims last year in the US alone, fuelled by this strain of malware.
Protecting the crown jewels
Infostealers have actually been circulating on cybercrime forums for over a decade. Because they’re delivered via various mechanisms (including phishing messages and hidden in downloads), completely eradicating them is almost impossible. Additionally, the cybercrime underground is always working hard on new variants designed to bypass detection tools. And malware-as-a-service offerings on the cybercrime underground lower the barrier to entry for would-be hackers.
This should focus the minds of CISOs and business leaders. If enterprise data stores are imperilled in this way, then data protection becomes an increasingly critical way to manage security and compliance risks. This is where comforte’s Data Security Platform (DSP) comes into its own.
It offers large enterprises including retailers and financial services companies:
- AI-assisted, network-based discovery plus repository scans to continuously find and classify enterprise data, wherever it is in the organization (including cloud-based locations)
- Multiple protection methods for pseudonymization and anonymization of that data, including format-preserving encryption and tokenization. Crucially, tokenization allows protected data to still be used in analytics and other business applications while reducing the scope of PCI DSS compliance
- Transparent integration with data flows and applications, for faster time-to-value
- Role-based access control (RBAC) for added security
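To make concrete why tokenization limits what a stolen credential can reach, here is an added illustration of vault-based, format-preserving tokenization with a role check on detokenization. It is example code written for this page, not comforte's DSP implementation: it assumes an in-memory dictionary standing in for a secured token vault, two hypothetical roles (`analytics`, which only ever sees tokens, and `payments`, which may detokenize), and a constructed sample card number.

```python
"""Illustrative vault-based, format-preserving tokenization of card numbers.

Added example, not comforte's code. The in-memory vault and the role names
are assumptions; a real deployment would put the vault behind hardened
access controls and audit logging.
"""
import re
import secrets

# Hypothetical roles: only "payments" may turn a token back into a PAN.
DETOKENIZE_ROLES = {"payments"}


def _format_preserving_token(pan: str) -> str:
    """Replace every digit except the last four with a random digit.

    Separators and length are kept, so systems that validate PAN format
    accept the token, and the last four digits remain usable for display.
    """
    digit_positions = [i for i, ch in enumerate(pan) if ch.isdigit()]
    keep = set(digit_positions[-4:])
    out = []
    for i, ch in enumerate(pan):
        if ch.isdigit() and i not in keep:
            out.append(str(secrets.randbelow(10)))  # cryptographically random digit
        else:
            out.append(ch)
    return "".join(out)


class TokenVault:
    """Maps PANs to tokens and back. Constructed stand-in for a real vault."""

    def __init__(self):
        self._pan_to_token = {}
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"\D", "", pan)
        if not 12 <= len(digits) <= 19:
            raise ValueError("not a plausible PAN length")
        # Deterministic per PAN, so joins and counts in analytics still work.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            token = _format_preserving_token(pan)
            # Never hand out the real PAN, and never reuse another PAN's token.
            if token != pan and token not in self._token_to_pan:
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str, role: str) -> str:
        """RBAC gate: an account with an analytics role gets nothing useful here."""
        if role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._token_to_pan[token]


def is_format_preserved(pan: str, token: str) -> bool:
    """Same length, digits in the same positions, same last four digits."""
    same_shape = len(pan) == len(token) and all(
        a.isdigit() == b.isdigit() for a, b in zip(pan, token)
    )
    last4 = re.sub(r"\D", "", pan)[-4:] == re.sub(r"\D", "", token)[-4:]
    return same_shape and last4


def can_detokenize(role: str) -> bool:
    return role in DETOKENIZE_ROLES


if __name__ == "__main__":
    vault = TokenVault()
    sample_pan = "4111 1111 1111 1111"  # constructed test card number
    token = vault.tokenize(sample_pan)
    print("token handed to analytics:", token)
    print("payments can recover PAN:", vault.detokenize(token, "payments") == sample_pan)
```

The point for a reader of the article: an attacker who logs in with a stolen analytics account and dumps the reporting database gets tokens that preserve format and support joins but cannot be reversed without the vault and a detokenizing role.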
At least one billion breach notices issued in the US last year stemmed indirectly from infostealer malware. This reason alone should be cause enough to revisit cybersecurity strategies. If attackers can scale the castle walls, or get in through the front door simply by using stolen keys, then more attention must be focussed on ensuring the corporate crown jewels are always protected.