AUSTIN, Texas–(BUSINESS WIRE)–SpyCloud, the leader in Cybercrime Analytics, today released its Malware Readiness & Defense Report, a benchmark survey of nearly 320 mid-market and enterprise IT security professionals from the US and UK that examines how organizations are detecting and addressing the threat of malware as a precursor to cyberattacks like account takeover and ransomware.
The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with more than half (53%) expressing extreme concern and less than 1% admitting they weren’t concerned at all. However, many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks – with 98% indicating better visibility into at-risk applications would significantly improve their security posture.
While increased visibility into stolen authentication details for SSO and cloud-based applications ranks high, human behavior continues to plague IT security teams. The most overlooked entry points for malware include:
- 57% of organizations allow employees to sync browser data between personal and corporate devices – enabling threat actors to siphon employee credentials and other user authentication data through infected personal devices while remaining undetected.
- 54% of organizations struggle with shadow IT due to employees’ unsanctioned adoption of applications and systems – creating gaps not only in visibility but also in basic security controls and corporate policies.
- 36% of organizations allow unmanaged personal or shared devices to access business applications and systems – opening the door for devices lacking robust security measures to reach sensitive data and resources, and reducing the oversight security teams require for proper monitoring and remediation.
Seemingly innocuous actions like these can inadvertently expose organizations to malware and follow-on attacks including ransomware stemming from the stolen access details. According to SpyCloud research, every infection exposes access to an average of 26 business applications.
“While most organizations understand the general and pervasive threat of malware, digital transformation and hybrid work models create a perfect environment for criminals to take advantage of hidden security gaps,” said Trevor Hilligoss, Senior Director of Security Research at SpyCloud. “Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords. These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking – bypassing passwords, passkeys, and even MFA.”
Detecting and acting on exposures quickly is critical to disrupting malicious actors attempting to harm the organization. Yet the survey revealed many are struggling with routine responses to malware infections: 27% don’t routinely review their application logs for signs of compromise, 36% don’t reset passwords for potentially exposed applications, and 39% don’t terminate session cookies when an exposure is identified. Attacker dwell time has been growing according to recent research, giving malicious actors ample time to operationalize data exfiltrated by malware. Limited visibility lengthens mean-time-to-discovery (MTTD) and mean-time-to-remediation (MTTR), which exacerbates risks to the business and drains resources.
“Breaking bad habits requires time and resources most organizations can’t afford and have a hard time finding in the first place. To reduce the risk created by unauthorized account access, infected devices and human error, they need a new approach for detecting and remediating malware. For many security teams, responding to infections is a machine-centric process that involves isolating and clearing the malware from the device. However, an identity-centric approach is more thorough as the ultimate goal is to better address the growing attack surface tied to an individual user that puts the business at risk,” Hilligoss explained.
In the first half of 2023, SpyCloud researchers found that 20% of all recaptured malware logs came from devices that had an antivirus program installed at the time of successful malware execution. Not only did these solutions fail to prevent the infection, they also lack any automated ability to protect against the stolen data being used in the aftermath.
With this struggle for visibility and comprehensive response, there is a clear need for security teams to implement a more robust, identity-centric Post-Infection Remediation approach to disrupt criminals before they are able to use malware-exfiltrated data to further harm the business. Key to this framework is augmenting existing malware infection response with steps to reset exposed credentials and invalidate active sessions compromised by infostealers.
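The following simulation is an added example, not code from SpyCloud or from the report, illustrating why the second step of that framework (invalidating active sessions) cannot be replaced by cleaning the device. The user "alice", the device "alice-laptop", the applications "sso", "crm" and "mail", and the cookie values are all constructed sample data; the session store is a simplified stand-in for a real SSO or application backend.

```python
"""
Added illustration, not code from SpyCloud or the report: contrasts a
machine-centric response to an infostealer infection (wipe the device) with an
identity-centric one (invalidate the user's server-side sessions everywhere and
force a credential reset). Every user, device, app and cookie value below is
constructed sample data.
"""
from dataclasses import dataclass
import secrets


@dataclass
class Session:
    session_id: str   # the value carried in the authentication cookie
    user: str
    app: str
    issued_on: str    # device that completed the password + MFA login


class SessionStore:
    """Server-side session table shared by the organization's applications."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}
        self.password_generation: dict[str, int] = {}  # bumped on forced reset

    def login(self, user: str, app: str, device: str) -> str:
        """Issue a session after a (simulated) password + MFA login."""
        self.password_generation.setdefault(user, 0)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(sid, user, app, device)
        return sid

    def is_valid(self, cookie_value: str) -> bool:
        """The server only sees the cookie; it cannot tell who presents it."""
        return cookie_value in self._sessions

    def remediate_identity(self, user: str) -> dict:
        """Identity-centric post-infection remediation: invalidate every
        session belonging to the user across all apps and devices, then
        require a new password (and a fresh MFA login) next time."""
        doomed = [s for s in self._sessions.values() if s.user == user]
        for s in doomed:
            del self._sessions[s.session_id]
        self.password_generation[user] = self.password_generation.get(user, 0) + 1
        return {
            "user": user,
            "sessions_revoked": len(doomed),
            "apps_affected": sorted({s.app for s in doomed}),
            "credential_reset_required": True,
        }


def simulate(strategy: str) -> dict:
    """Replays one constructed infostealer incident and reports whether the
    stolen cookies still work after the chosen response ('machine' or 'identity')."""
    server = SessionStore()
    apps = ["sso", "crm", "mail"]

    # Constructed: the employee's laptop holds one cookie per app in its browser jar.
    laptop_jar = {app: server.login("alice", app, "alice-laptop") for app in apps}

    # The infostealer copies the cookie jar off the laptop. The copy is
    # byte-for-byte identical, so the server cannot distinguish it.
    attacker_copy = dict(laptop_jar)

    if strategy == "machine":
        # Machine-centric: reimage / clean the laptop. Only the local jar is gone;
        # nothing changes on the server side.
        laptop_jar.clear()
        report = {"user": "alice", "sessions_revoked": 0,
                  "apps_affected": [], "credential_reset_required": False}
    elif strategy == "identity":
        report = server.remediate_identity("alice")
    else:
        raise ValueError(f"unknown strategy {strategy!r}")

    report["stolen_cookies_still_valid"] = [
        app for app, sid in attacker_copy.items() if server.is_valid(sid)
    ]
    return report


if __name__ == "__main__":
    for name in ("machine", "identity"):
        print(name, simulate(name))
```

Running the script shows that after the machine-centric cleanup all three stolen cookies still authenticate, while the identity-centric remediation leaves none valid and records which applications the identity exposed, which is the list a security team would use to decide where passwords must be rotated.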
To download the full report and discover how SpyCloud helps organizations disrupt cybercrime and defend against malware, ransomware and online fraud, visit: https://spycloud.com/resource/2023-malware-readiness-and-defense-report/.
About SpyCloud
SpyCloud transforms recaptured darknet data to protect businesses from cyberattacks. Its products operationalize Cybercrime Analytics (C2A) to produce actionable insights that allow enterprises to proactively prevent ransomware and account takeover, protect their business from consumer fraud losses, and investigate cybercrime incidents. Its unique data from breaches, malware-infected devices, and other underground sources also powers many popular dark web monitoring and identity theft protection offerings. SpyCloud customers include half of the ten largest global enterprises, mid-size companies, and government agencies around the world. Headquartered in Austin, TX, SpyCloud is home to nearly 200 cybersecurity experts whose mission is to make the internet safer with automated solutions that help organizations combat cybercrime.
To learn more and see insights on your company’s exposed data, visit spycloud.com.