Ransomware attacks have had a significant impact on organizations in 2024, with a notable increase in the number of attacks compared to the previous year. Infostealer malware and digital identity exposure have been identified as key factors driving this rise.
Description
Ransomware attacks have significantly impacted organizations in 2024 [5], with 75% experiencing attacks, up from 61% in 2023 [5]. Infostealer malware and digital identity exposure have been identified as key drivers of this increase. Multi-factor authentication bypass and infostealer malware are key factors in the growth of ransomware [5], with phishing and social engineering serving as common entry points for attacks [5]. Third-party access and stolen cookies have also been highlighted as routes for ransomware, raising concerns over third-party device risks [5]. The number of organizations paying a ransom has increased to 62% [5], but only a third of them fully recovered their data. Businesses have faced costs exceeding $1 million following attacks, with technology companies being the most targeted [5].
SpyCloud’s latest cybersecurity research emphasizes the threat of infostealers [1] [4], which are designed to steal digital identity data [1], login credentials [1] [3] [4], and session cookies [1] [2] [3] [5]. The research reveals a strong link between infostealer infections and ransomware attacks [1], with nearly one-third of companies experiencing a ransomware attack after an infostealer infection [1]. The rise of Malware-as-a-Service has made it easier for cybercriminals to deploy sophisticated malware [1] [4], including infostealers [1] [3] [4] [5], leading to an increase in account takeover attacks [1]. Organizations must focus on remediating the risks posed by exposed data to prevent devastating cyberattacks like ransomware [1] [4]. SpyCloud’s solutions aim to proactively prevent ransomware and account takeover attacks by leveraging advanced analytics and darknet data [1]. Data from SpyCloud’s 2024 Malware and Ransomware Defense Report showed nearly a third of ransomware attacks were preceded by an infostealer attack in the previous three months [3].
Infostealer malware can steal credentials and session cookies [3], enabling attackers to bypass multi-factor authentication and take over accounts [3]. Session hijacking enabled by stolen cookies was the third most common ransomware entry point [3], after phishing and third-party access [3]. The IBM X-Force Threat Intelligence Index 2024 showed a 266% increase in infostealer use by ransomware groups between 2022 and 2023 [3], emphasizing the importance of addressing infostealer attacks to prevent future ransomware incidents [3].
Organizations must adopt a multi-layered strategy that includes post-infection remediation steps like resetting application credentials and invalidating session cookies siphoned by infostealer malware [2] [3]. Despite organizations being more likely to reset passwords after a malware infection in 2024 compared to 2023 [3], they were slightly less likely to invalidate open app sessions [3], indicating that session hijacking risks are often overlooked in infostealer remediation efforts [3]. MFA has become the second most important ransomware countermeasure [3], highlighting the recognition of compromised credentials in ransomware threats [3]. Monitoring of compromised sessions is seen as a lower priority [3], despite the threat of follow-up attacks to infostealer infections [3]. Security professionals are concerned about this issue [3], with improving remediation after malware attacks being a common future security plan [3].
SpyCloud recaptured over 20 billion cookie records from infostealer attacks last year [3], with infostealers responsible for the theft of millions of credentials [3] [4]. The most common infostealers prior to a ransomware attack were LummaC2 [3], RedLine [3], StealC [3], MetaStealer [3], and RisePro [3].
Organizations are advised to implement processes to invalidate stolen web sessions [3], leverage automation to respond quickly to malware threats [3], use continuous zero trust solutions [3], and adopt an identity-centric approach to security [3].
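An added example, not taken from the cited reports: a constructed server-side session store showing why a password reset alone leaves a siphoned cookie usable, and how a per-user revocation cutoff applied during remediation closes that gap. The class, function names, users and timestamps are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session store (constructed for illustration)."""

    def __init__(self):
        self.sessions = {}        # token -> (user, issued_at)
        self.password_epoch = {}  # user -> number of password resets
        self.valid_after = {}     # user -> sessions issued at/before this are dead

    def login(self, user, now):
        token = secrets.token_hex(16)
        self.sessions[token] = (user, now)
        return token

    def is_valid(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, issued_at = entry
        return issued_at > self.valid_after.get(user, -1)

    def reset_password(self, user):
        # Changes the credential only; existing sessions are untouched.
        self.password_epoch[user] = self.password_epoch.get(user, 0) + 1

    def revoke_sessions(self, user, now):
        # Invalidates every session issued up to and including `now`.
        self.valid_after[user] = now


def remediate(store, exposed_users, now, revoke=True):
    """Post-infection remediation for users named in an infostealer exposure."""
    for user in exposed_users:
        store.reset_password(user)
        if revoke:
            store.revoke_sessions(user, now)


def demo():
    store = SessionStore()
    stolen_cookie = store.login("alice", now=100)  # cookie later siphoned by malware
    bystander = store.login("bob", now=100)        # user not named in the exposure
    remediate(store, ["alice"], now=200, revoke=False)
    after_password_only = store.is_valid(stolen_cookie)
    remediate(store, ["alice"], now=200, revoke=True)
    after_full = store.is_valid(stolen_cookie)
    fresh = store.is_valid(store.login("alice", now=201))
    return after_password_only, after_full, fresh, store.is_valid(bystander)
```

The cutoff approach avoids enumerating individual tokens, so it also covers sessions the defender never saw in the recaptured data.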
Conclusion
The rise of ransomware attacks in 2024 [2] [6], driven by infostealer malware and digital identity exposure [2] [5], highlights the urgent need for organizations to strengthen their cybersecurity measures. By focusing on post-infection remediation steps, adopting a multi-layered security strategy, and prioritizing the invalidation of stolen web sessions, organizations can mitigate the risks posed by infostealer attacks and prevent devastating cyber incidents like ransomware. Looking ahead, security professionals must continue to address the evolving threat landscape and prioritize measures to protect against infostealer and ransomware attacks.
References
[1] https://www.csoonline.com/article/3529400/spycloud-unveils-massive-scale-of-identity-exposure-due-to-infostealers-highlighting-need-for-advanced-cybersecurity-measures.html
[2] https://www.globenewswire.com/news-release/2024/09/18/2948148/0/en/New-research-finds-rise-of-infostealer-malware-and-digital-identity-exposure-creates-the-perfect-storm-for-ransomware-attacks.html
[3] https://www.scmagazine.com/news/preventing-ransomware-by-fully-remediating-infostealer-attacks
[4] https://securityboulevard.com/2024/09/news-alert-spycloud-study-reveals-infostealer-malware-can-be-a-precursor-to-a-ransomware-attack/
[5] https://www.infosecurity-magazine.com/news/infostealers-ransomware-attacks/
[6] https://www.securitysales.com/emerging-tech/cybersecurity-tech/infostealer-malware-digital-id-exposure-ransomware-attacks/