
Cybercrime Evolution: the Ransomware Dilemma and the Infostealer Alternatives

Uncovering the dangers of infostealers in 2023: Will this emerging trend in cybercrime replace the ransomware turmoil?

by Gwendal Smith
January 31, 2023
in Articles, Cyber Attacks, Cybercrime, Malware

As with traditional crime, cybercrime is first and foremost a business. In recent years, the cybercrime landscape has undergone significant changes as victims opt to not pay ransoms, new defense mechanisms are introduced, and law enforcement efforts increase. These developments have led to a shift in the risk-benefit ratio for cybercriminals, and it is expected that this will continue to evolve in 2023. In this article, we will explore the current state of the cybercrime market and the potential future developments of the infostealer trend.

The Ransomware Dilemma

One of the most prominent forms of cybercrime in recent years has been ransomware. After the COVID period, during which big corporations were targeted by ransomware operations, those companies invested significantly in their cybersecurity. They had the money and resources to implement the changes needed to lower the ransomware gangs' ROI, to the point that the gangs started to target SMEs for smaller ransom amounts. But the strategy shift may go deeper than just changing the target, which is only a temporary solution.

The success of ransomware attacks has been largely driven by the willingness of victims to pay the ransom. However, this is changing as more organizations opt to not pay the ransom and instead rely on backups to restore their files. This shift in victim behavior has led to a decrease in the effectiveness of ransomware attacks and, as a result, many cybercriminals are moving away from this type of attack to more lucrative activities.

In addition to the decrease in victim willingness to pay, the introduction of new defense mechanisms has made it more difficult for cybercriminals to successfully launch ransomware attacks. For example, new endpoint protection mechanisms have been developed to detect and block ransomware. Similarly, the increased use of multi-factor authentication (MFA) has made it more difficult for cybercriminals to gain access to an organization’s network. MFA fatigue, however, is still heavily exploited, including in infostealer attacks.

The Evolution of Cybercrime: The Rise of Infostealers in 2022

In recent years, we have seen a shift in the cybercrime landscape, with an increasing focus on the marketing of infostealers on the black market. Infostealers, also known as information stealers or password stealers, are a type of malware designed to steal sensitive information such as login credentials, financial information, and personal data from infected computers.

In 2022, the use of infostealers skyrocketed, with a wave of advertisements for new variants of stealers, enhanced infostealers, and infostealer source code available on the cybercriminal underground. The sale of these new strains, combined with the availability of enhanced infostealers and infostealer source code, has led to increased activity on dark web marketplaces and private sales.

One notable infostealer that has forced its way onto the scene is Meta Stealer. First advertised on cybercrime forums in March 2022, this malware is heavily based on the code of the popular infostealer Redline but has additional features and is less detectable by anti-virus and endpoint detection software. As of November 2022, Meta Stealer costs $150 per month or $1,000 for a lifetime license. Since May 2022, Meta Stealer logs have been appearing on 2easy Market, one of the leading black markets on the dark web for stolen data.

Another infostealer that made its debut in 2022 is Rhadamanthys. Rhadamanthys is a powerful tool that can obtain credentials and information from a host of platforms including major browsers, email clients, messaging platforms, and crypto apps and wallets. It can also target logs from MFA apps, including Authenticator, Authy, EOS Authenticator, and GAuth Authenticator, as well as Outlook and Slack, and it harvests cookies. The malware is delivered by phishing, spam campaigns and malvertising on Google Ads.

It’s clear that infostealers will continue to evolve and pose a significant risk to organizations in 2023. With the rise of this type of criminal business model, it’s important for organizations to stay vigilant and take proactive steps to protect themselves against this type of malware.

This includes examining how they authenticate user access to their systems and considering moving away from MFA push notifications and toward number-matching MFA systems and the use of biometrics. Additionally, organizations should fully train staff on the dangers of MFA fatigue attacks, social engineering attempts, and how to secure online accounts. Monitoring of dark web sources to obtain threat intelligence on the latest tactics, techniques, and procedures relating to infostealer malware can also help organizations stay ahead of the latest threats.
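
As an added example (not part of the original article), the sketch below shows one way a defender can spot the MFA fatigue pattern in authentication logs: a burst of rejected or ignored push prompts for one account, followed by an approval. The log format, result names, window and threshold are assumptions constructed for illustration, not any vendor's schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): "ISO-time user result source_ip"
SAMPLE_LOG = """\
2023-01-10T08:00:05 alice push_approved 198.51.100.7
2023-01-10T09:14:00 bob push_denied 203.0.113.20
2023-01-10T09:14:40 bob push_timeout 203.0.113.20
2023-01-10T09:15:10 bob push_denied 203.0.113.20
2023-01-10T09:15:55 bob push_denied 203.0.113.20
2023-01-10T09:16:30 bob push_approved 203.0.113.20
2023-01-10T11:00:00 carol push_denied 198.51.100.9
2023-01-10T15:30:00 carol push_approved 198.51.100.9
"""

REJECTED = {"push_denied", "push_timeout"}  # assumed result names

def parse(log):
    """Yield (timestamp, user, result, ip) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, result, ip = parts
        yield datetime.fromisoformat(ts), user, result, ip

def detect_mfa_fatigue(log, window=timedelta(minutes=10), threshold=3):
    """Alert when an account collects `threshold` rejected prompts inside
    `window`, and again if an approval then follows that burst."""
    recent = defaultdict(deque)  # user -> timestamps of rejected prompts
    alerts = []
    for ts, user, result, ip in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in REJECTED:
            q.append(ts)
            if len(q) == threshold:      # alert once per burst
                alerts.append({"user": user, "time": ts, "ip": ip,
                               "kind": "prompt_burst"})
        elif result == "push_approved":
            if len(q) >= threshold:      # user may have given in: investigate first
                alerts.append({"user": user, "time": ts, "ip": ip,
                               "kind": "approved_after_burst"})
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert["time"].isoformat(), alert["user"], alert["kind"], alert["ip"])
```
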

Conclusion

The cybercrime landscape is constantly evolving, and it is expected that this will continue in 2023. As the effectiveness of traditional forms of cyberattacks decreases, it is likely that cybercriminals will shift towards new forms of malware and social engineering attacks, such as infostealers, wipers, digital hacktivism or disinformation. To prevent cybercrime, it is important for organizations to stay informed about the latest threats, train their staff, and implement strong security measures.

Tags: 2easy Market, Blackmarket, Darknet & Darkweb, Infostealer, Meta Stealer, MFA, ransomware, Redline, Rhadamanthys
