SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image

Data-stealing malware affects nearly 10m devices in 2023

Fri, 5th Apr 2024

Nearly 10 million devices fell prey to data-stealing malware in 2023, according to new research carried out by global cybersecurity company Kaspersky.

With an average of 51 login credentials stolen per impacted device, the issue is a growing concern for both personal and corporate device users. The study draws from insights gleaned from infostealer malware log files traded on underground markets.

The study found the most compromised domain is the .com, followed by domain zones associated with Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn).

The data-stealing malware infections monitored by Kaspersky Digital Footprint Intelligence have seen a 643% increase over the past three years. Approximately 10 million personal and corporate devices were infected last year, showcasing the substantial growth in this threat. The data regarding infected devices comes from the exploration of infostealer malware log-files that are active on the underground markets.

Despite a modest 9% decline in the number of log-files in 2023 compared to 2022, it doesn't imply that the cybercriminal demand for login credentials has decreased, Kaspersky says. According to Kaspersky's latest analysis of infostealer dynamics, the actual number of infections for the year 2023 is likely to be much higher than 10 million, potentially reaching the 16 million mark. Threat actors then utilise these credentials for their malignant activities, such as cyber attacks, or distribute them on dark web forums and shadow Telegram channels freely or for a fee.

The stolen credentials could be linked to online banking services, social media, various corporate online services including email and internal systems, and crypto wallets. Kaspersky's study highlights that some 443,000 websites worldwide have experienced compromised credentials in the past five years.

Regarding the most compromised domains, the .com leads with nearly 326 million compromised logins and passwords. Brazil's .br follows with 29 million, while the .in domain linked to India had 8 million, .co (Colombia) nearly 6 million, and Vietnam's .vn over 5.5 million. The value of the log files on the dark web can vary depending on the data and how it is sold.

Prices for log files usually start at $10 in these dark web shops. Cybersecurity expert at Kaspersky Digital Footprint Intelligence, Sergey Shcherbel, points out the serious threat posed by these trades, "Leaked credentials carry a major threat, enabling cybercriminals to execute a multitude of attacks such as unauthorized access for theft, social engineering, or impersonation."

For protection against data-stealing malware, Kaspersky advises individuals to use a comprehensive security solution for their devices. This can both prevent infections and alert users to threats, such as dubious sites or phishing emails. Companies can assist their employees, users, and partners in protecting themselves through proactive leak monitoring and prompting password changes as necessary.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X