In 2022 alone, cybercriminals managed to access over 22 million devices and exposed over 720 million credentials.

Botnets play a significant role in driving these numbers, as they enable cybercriminals to work at scale and make off with valid credentials, cookies, auto-fill data and other valuable information to use in targeted attacks or sell on the darknet.

Examining the true extent of this threat, Trevor Hilligoss, SpyCloud’s director of security research, views the increasing appearance of botnets as “a dangerous trend” because the attacks “open the door for bad actors, like initial access brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals.”

“Infostealers are easy, cheap and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime,” adds Hilligoss. “This broker-operator partnership is a lucrative business with a relatively low cost of entry.”

He recommends that business leaders adopt a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of exposure.

“Collectively, we need to start thinking about protecting digital identities using a post-infection remediation approach, rather than solely focusing on cleaning individual infected devices,” Hilligoss recommends.

This approach allows security teams to augment their traditional cyber incident response playbooks with additional steps: resetting the application credentials and invalidating the session cookies siphoned by infostealer malware. These steps are meant to fully negate opportunities for ransomware and other cyberattacks.

“Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware and other forms of cybercrime,” Hilligoss concludes.

As reported by thefintechtimes.com.