Protecting Business From The Infostealer Threat

Infostealers were responsible for the theft of over 3.9 billion credentials last year. As businesses become increasingly reliant on digital infrastructure, attackers are refining their techniques to harvest sensitive login data, bypass security measures, and exploit stolen information for financial gain. 

The latest data from KELA's State of Cybercrime 2024 report estimated that at least 4.3 million machines were infected by infostealer malware last year, resulting in over 330 million compromised credentials.

With cybercriminals also sharing vast repositories of stolen credentials, such as ULP (URL, login, password) files that contain billions of compromised login details, the risks have never been greater.

For businesses, protecting credentials is pivotal. If an attacker gains access to an employee’s login details, they could infiltrate internal systems, move laterally within the network, and launch devastating attacks, from data theft to ransomware. To mitigate these risks, organisations must adopt a multi-layered security approach, including strong authentication, robust credential management, and endpoint security.

Multi-Factor Authentication Is The First Line Of Defence

Passwords are no longer enough to secure business accounts. Cybercriminals can easily steal or brute-force weak credentials, and with the rise of infostealer malware, even complex passwords stored in browsers are at risk.

Multi-factor authentication (MFA) is one of the most effective ways to protect against compromised credentials. By requiring an additional verification step, like a one-time passcode (OTP) or biometric authentication, MFA ensures that even if a password is stolen, attackers cannot gain access to an account.

Hardware-backed authentication methods, like FIDO2 security keys or passkeys, provide an even stronger layer of security. These methods rely on cryptographic key pairs stored securely on a physical device, meaning attackers cannot authenticate without access to the hardware. Businesses should prioritise the adoption of FIDO-based authentication to reduce the risks associated with credential theft.
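How a hardware-bound credential defeats a stolen password is easiest to see in a reduced form of the FIDO2 challenge-response flow. The following is an added example, not code from the article or from JumpCloud: the relying party stores only a public key and issues a fresh random challenge per login; the authenticator signs that challenge together with a hash of the origin the browser actually connected to, so a signature relayed from a look-alike site, a replayed challenge, or a signature from any other key is rejected. The type names (Authenticator, RelyingParty, Assertion), the origin login.example.com and the message layout are this example's own simplifications of the WebAuthn protocol.

```go
package main

// Added example, not from the article: a simplified FIDO2/WebAuthn-style passwordless
// login. Authenticator, RelyingParty and Assertion are this example's own names, and the
// signed message is a reduction of the real protocol's client data and authenticator data.

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator stands in for a security key or passkey: the private key is reachable
// only through Sign, mirroring hardware that never exports it.
type Authenticator struct{ priv ed25519.PrivateKey }

func NewAuthenticator() (*Authenticator, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Authenticator{priv: priv}, nil
}

func (a *Authenticator) PublicKey() ed25519.PublicKey { return a.priv.Public().(ed25519.PublicKey) }

// Assertion is what the browser hands back to the server after the key has signed.
type Assertion struct {
	OriginHash [32]byte // hash of the origin the browser actually talked to
	Challenge  []byte
	Signature  []byte
}

// signedMessage is the byte string both sides sign and verify: origin hash || challenge.
func signedMessage(originHash [32]byte, challenge []byte) []byte {
	return append(originHash[:], challenge...)
}

// Sign binds the signature to the origin the browser observed. A look-alike site obtains
// a signature over its own origin hash, which the real relying party rejects, so there is
// no phishable secret to steal.
func (a *Authenticator) Sign(origin string, challenge []byte) Assertion {
	h := sha256.Sum256([]byte(origin))
	return Assertion{OriginHash: h, Challenge: challenge, Signature: ed25519.Sign(a.priv, signedMessage(h, challenge))}
}

// RelyingParty is the server. It stores public keys only, so a database leak yields
// nothing that logs anyone in.
type RelyingParty struct {
	ID          string
	credentials map[string]ed25519.PublicKey // user -> registered public key
	pending     map[string][]byte            // user -> outstanding challenge
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, credentials: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) { rp.credentials[user] = pub }

// BeginLogin issues a fresh random challenge so a captured assertion cannot be replayed.
func (rp *RelyingParty) BeginLogin(user string) ([]byte, error) {
	if _, ok := rp.credentials[user]; !ok { return nil, errors.New("unknown user") }
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { return nil, err }
	rp.pending[user] = c
	return c, nil
}

// FinishLogin accepts the assertion only if it covers this RP's own origin and the
// outstanding challenge under the registered key; the challenge is consumed either way.
func (rp *RelyingParty) FinishLogin(user string, as Assertion) error {
	pub, ok := rp.credentials[user]
	if !ok { return errors.New("unknown user") }
	challenge, ok := rp.pending[user]
	delete(rp.pending, user)
	if !ok || !bytes.Equal(challenge, as.Challenge) { return errors.New("challenge missing, mismatched or already used") }
	if as.OriginHash != sha256.Sum256([]byte(rp.ID)) { return errors.New("assertion was made for a different origin") }
	if !ed25519.Verify(pub, signedMessage(as.OriginHash, challenge), as.Signature) {
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}

func main() {
	rp := NewRelyingParty("login.example.com")
	key, err := NewAuthenticator()
	if err != nil { panic(err) }
	rp.Register("alice", key.PublicKey())
	c, _ := rp.BeginLogin("alice")
	fmt.Println("genuine origin:", rp.FinishLogin("alice", key.Sign("login.example.com", c)))
	// Constructed phishing scenario: the same key used on a look-alike origin, assertion relayed.
	c, _ = rp.BeginLogin("alice")
	fmt.Println("relayed from look-alike:", rp.FinishLogin("alice", key.Sign("login-example.com.invalid", c)))
	fmt.Println("replayed challenge:", rp.FinishLogin("alice", key.Sign("login.example.com", c)))
}
```

The three FinishLogin calls in main print nil for the genuine origin and errors for the relayed and replayed assertions. Real WebAuthn also signs a signature counter and user-presence flags, and it is the browser that enforces which origin a credential may be used on; the reduction here keeps the property the text relies on, that nothing a user can type or be tricked into revealing is sufficient to log in.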

Robust Credential Management Prevents Exposure & Misuse

While MFA is crucial, businesses must also address the way credentials are stored and managed. Many infostealer breaches occur because employees store passwords insecurely, either in plain text, browser password managers, or easily accessible files.

Using a dedicated password manager is essential for secure storage and automatic password rotation. Enterprise-grade password management solutions can generate complex, unique passwords for each account and ensure they are never exposed in unprotected environments. On top of this, businesses should enforce the use of passphrases rather than traditional passwords, as longer credentials are significantly harder to crack.

Beyond password storage, elevation approvals for privileged access can serve as an additional safeguard. If an attacker successfully compromises a credential, access control measures can prevent them from escalating privileges without further authorisation. Implementing just-in-time access and regular audits of privileged accounts will help ensure that only authorised users can perform sensitive actions.

Strengthening Endpoint Security

Infostealer malware usually infiltrates devices through phishing attacks, malicious downloads, or compromised websites. Once installed, the malware extracts saved credentials, browser cookies, session tokens, and autofill data, often exfiltrating the information to cybercriminals within minutes.

To mitigate these risks, businesses should invest in advanced Endpoint Detection and Response (EDR) solutions that can identify and neutralise infostealer infections before they cause serious harm.

Traditional antivirus software is often ineffective against modern, sophisticated infostealers, making AI-driven threat detection a necessity. Network segmentation can also limit an attacker’s ability to move laterally if a device is compromised, reducing the overall risk to an organisation.
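The read-then-exfiltrate sequence described above is also what endpoint telemetry can be searched for. The block below is an added example, not part of the article and not any EDR product's logic: it runs a simple rule over constructed file and network events, flagging any non-browser process that reads a browser's saved-login, cookie or autofill store from a profile directory, and raising the severity when that same process opens an outbound connection within a few minutes of the read. The file names (Login Data, Cookies, Web Data, logins.json, cookies.sqlite, key4.db) are the standard Chromium and Firefox store names; the host names, process names, PIDs, IP address and timestamps are constructed.

```go
package main

// Added example, not from the article: a detection rule over constructed endpoint telemetry.
// It flags non-browser processes that read browser credential stores and escalates when the
// same process connects outbound soon afterwards. Event and Finding are this example's own
// types, not any EDR product's schema.

import (
	"fmt"
	"strings"
	"time"
)

// Event is one parsed telemetry record (a constructed format, not a real sensor's).
type Event struct {
	Time    time.Time
	Host    string
	Process string // image name as reported by the sensor
	PID     int
	Action  string // "file_read" or "net_connect"
	Target  string // file path, or host:port for net_connect
}

// Finding is the rule's output for one process.
type Finding struct {
	Host, Process string
	PID           int
	Severity      string // "medium": store read; "high": read followed by an outbound connection
	Detail        string
}

// credentialStores are the browser files holding saved logins, cookies and autofill data;
// profileMarkers restrict matches to browser profile directories; browsers may read their own.
var credentialStores = map[string]bool{
	"login data": true, "cookies": true, "web data": true, // Chromium-based browsers
	"logins.json": true, "cookies.sqlite": true, "key4.db": true, // Firefox
}
var profileMarkers = []string{`\google\chrome\`, `\microsoft\edge\`, `\bravesoftware\`, `\mozilla\firefox\`}
var browsers = map[string]bool{"chrome.exe": true, "msedge.exe": true, "brave.exe": true, "firefox.exe": true}

// isCredentialStoreRead matches on file name and location. Targets are Windows paths, so
// the file name is split off by hand rather than with path/filepath.
func isCredentialStoreRead(e Event) bool {
	if e.Action != "file_read" { return false }
	p := strings.ToLower(e.Target)
	if !credentialStores[p[strings.LastIndexAny(p, `\/`)+1:]] { return false }
	for _, m := range profileMarkers {
		if strings.Contains(p, m) { return true }
	}
	return false
}

// Detect expects events ordered by time. A process earns a medium finding on its first
// credential-store read and is raised to high if it connects out within window of that read.
func Detect(events []Event, window time.Duration) []Finding {
	type procKey struct{ host string; pid int }
	var findings []Finding
	firstRead := map[procKey]time.Time{}
	index := map[procKey]int{} // procKey -> position in findings
	for _, e := range events {
		k := procKey{e.Host, e.PID}
		switch {
		case isCredentialStoreRead(e) && !browsers[strings.ToLower(e.Process)]:
			if _, seen := firstRead[k]; !seen {
				firstRead[k], index[k] = e.Time, len(findings)
				findings = append(findings, Finding{Host: e.Host, Process: e.Process, PID: e.PID, Severity: "medium", Detail: "non-browser process read " + e.Target})
			}
		case e.Action == "net_connect":
			if t0, seen := firstRead[k]; seen {
				f := &findings[index[k]]
				if d := e.Time.Sub(t0); d >= 0 && d <= window && f.Severity != "high" {
					f.Severity = "high"
					f.Detail += fmt.Sprintf("; outbound connection to %s %s after the read", e.Target, d)
				}
			}
		}
	}
	return findings
}

// SampleEvents is constructed telemetry: a browser reading its own store, a read-then-connect
// sequence, a read with no follow-up, and a same-named file outside any browser profile.
func SampleEvents() []Event {
	t := time.Date(2024, 3, 1, 9, 0, 0, 0, time.UTC)
	const chrome = `C:\Users\jdoe\AppData\Local\Google\Chrome\User Data\Default\`
	return []Event{
		{t, "ws-017", "chrome.exe", 4120, "file_read", chrome + "Login Data"},
		{t.Add(12 * time.Second), "ws-017", "updater.exe", 7731, "file_read", chrome + "Login Data"},
		{t.Add(40 * time.Second), "ws-017", "updater.exe", 7731, "net_connect", "203.0.113.7:443"},
		{t.Add(2 * time.Minute), "ws-022", "report.exe", 5108, "file_read", `C:\Users\asmith\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9.default\logins.json`},
		{t.Add(3 * time.Minute), "ws-022", "notepad.exe", 6002, "file_read", `C:\Users\asmith\Documents\Cookies`},
	}
}

func main() {
	for _, f := range Detect(SampleEvents(), 5*time.Minute) {
		fmt.Printf("[%s] %s (pid %d) on %s: %s\n", f.Severity, f.Process, f.PID, f.Host, f.Detail)
	}
}
```

Two findings come out of the sample: updater.exe at high severity (store read followed 28 seconds later by a connection to 203.0.113.7:443) and report.exe at medium; the browser's own read and the Cookies file outside a profile directory produce nothing. In a production rule the browser allow-list should be keyed on the signed image path rather than the process name, since a process name is trivially chosen by whoever wrote the binary.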

The Rise Of Session Hijacking

Infostealer malware is evolving beyond just password theft. Cybercriminals are targeting active session tokens, allowing them to bypass authentication entirely. Once they obtain a valid session cookie, attackers can hijack an account without needing a password or MFA approval.

Businesses must adapt their security strategies to counteract session hijacking. One approach is to reduce session persistence by enforcing frequent re-authentication, particularly for high-risk accounts. Implementing device-bound session cookies can also help, ensuring that authentication tokens cannot be used outside of the original, trusted device.
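Device-bound session cookies and bounded session persistence can be implemented together on the server side. The code below is an added example, not from the article or from any vendor: at login the server records the device's public key alongside the session, every subsequent request must carry a signature over the session id and an increasing counter made with the matching private key, and each session carries idle and absolute limits that can be set tighter for high-risk accounts. Policy, Session, Server, Device and the message layout are this example's own; the scheme is a reduction of device-bound session credential designs, in which the private key would live in a TPM or secure enclave.

```go
package main

// Added example, not from the article: a server-side session store whose cookies are bound to a
// per-device key and whose lifetime is bounded per account. Policy, Session, Server and Device are
// this example's own names; the scheme is a reduction of device-bound session credential designs.

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Policy holds the persistence limits the text recommends tightening; high-risk accounts get smaller values.
type Policy struct {
	IdleTimeout time.Duration // no request for this long ends the session
	MaxLifetime time.Duration // hard cap regardless of activity; forces a full re-authentication
}

// Session is the server-side record behind an opaque cookie value.
type Session struct {
	User              string
	Policy            Policy
	DeviceKey         ed25519.PublicKey // registered at login; the private half never leaves the device
	Created, LastSeen time.Time
	Counter           uint64 // highest proof counter accepted; stops replay of a captured request
}

type Server struct{ sessions map[string]*Session }
func NewServer() *Server { return &Server{sessions: map[string]*Session{}} }

// Login runs after the user has authenticated (password plus MFA, or a passkey). It binds the
// new session to the device's public key and returns the opaque cookie value.
func (s *Server) Login(user string, p Policy, deviceKey ed25519.PublicKey, now time.Time) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil { return "", err }
	id := fmt.Sprintf("%x", raw)
	s.sessions[id] = &Session{User: user, Policy: p, DeviceKey: deviceKey, Created: now, LastSeen: now}
	return id, nil
}

// Request accompanies each HTTP call: the cookie plus a proof of possession of the device key.
type Request struct {
	SessionID string
	Counter   uint64
	Proof     []byte // device signature over proofMessage(SessionID, Counter)
}

// proofMessage is the byte string the device signs: counter || session id.
func proofMessage(sessionID string, counter uint64) []byte {
	msg := make([]byte, 8, 8+len(sessionID))
	binary.BigEndian.PutUint64(msg, counter)
	return append(msg, sessionID...)
}

// Authorize enforces the session's lifetime and the device binding on every request.
func (s *Server) Authorize(r Request, now time.Time) (string, error) {
	sess, ok := s.sessions[r.SessionID]
	if !ok { return "", errors.New("unknown session") }
	if now.Sub(sess.Created) > sess.Policy.MaxLifetime || now.Sub(sess.LastSeen) > sess.Policy.IdleTimeout {
		delete(s.sessions, r.SessionID) // the user must authenticate again
		return "", errors.New("session expired")
	}
	// A copied cookie is useless without the device's private key; a non-increasing counter is a replay.
	if r.Counter <= sess.Counter || !ed25519.Verify(sess.DeviceKey, proofMessage(r.SessionID, r.Counter), r.Proof) {
		return "", errors.New("device proof invalid")
	}
	sess.Counter, sess.LastSeen = r.Counter, now
	return sess.User, nil
}

// Device is the client side; in practice the key would live in a TPM or secure enclave.
type Device struct{ priv ed25519.PrivateKey; counter uint64 }

func NewDevice() *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) } // a failing crypto/rand is not something to continue past
	return &Device{priv: priv}
}

func (d *Device) PublicKey() ed25519.PublicKey { return d.priv.Public().(ed25519.PublicKey) }

// NewRequest signs the next counter value for the session.
func (d *Device) NewRequest(sessionID string) Request {
	d.counter++
	return Request{SessionID: sessionID, Counter: d.counter, Proof: ed25519.Sign(d.priv, proofMessage(sessionID, d.counter))}
}

func main() {
	t0 := time.Date(2024, 3, 1, 9, 0, 0, 0, time.UTC) // constructed clock
	srv, dev, thief := NewServer(), NewDevice(), NewDevice() // thief holds the cookie, not the key
	cookie, _ := srv.Login("alice", Policy{IdleTimeout: 15 * time.Minute, MaxLifetime: 8 * time.Hour}, dev.PublicKey(), t0)
	req := dev.NewRequest(cookie)
	_, genuine := srv.Authorize(req, t0.Add(time.Minute))
	_, replay := srv.Authorize(req, t0.Add(2*time.Minute))
	_, stolen := srv.Authorize(thief.NewRequest(cookie), t0.Add(3*time.Minute))
	_, idle := srv.Authorize(dev.NewRequest(cookie), t0.Add(30*time.Minute))
	fmt.Println("genuine:", genuine, "| replay:", replay, "| stolen cookie:", stolen, "| idle:", idle)
}
```

In main the genuine request succeeds, the same request replayed fails on the counter, the cookie presented from another device fails signature verification, and a request after 30 idle minutes finds the session gone. The point for the infostealer case is that the cookie copied out of a browser's cookie store is no longer sufficient on its own: presented from any machine other than the one holding the private key, it is refused.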

Zero-trust security principles play a crucial role in this battle. By continuously verifying user identities, monitoring for unusual activity, and applying adaptive access controls, organisations can prevent attackers from exploiting compromised credentials and session tokens.

Building A Resilient Security Culture

Technology alone is not enough, as human behaviour remains a critical factor in credential security. Employees must be trained to recognise phishing attempts, avoid downloading unverified software, and report suspicious activity immediately. Security awareness training should be an ongoing initiative rather than a one-time exercise.

Regular red teaming exercises and penetration testing can also help businesses identify vulnerabilities in their authentication processes and credential management practices. By simulating real-world attack scenarios, organisations can proactively address security gaps before cybercriminals exploit them.

Infostealers are an ever-growing threat, with cybercriminals finding new ways to harvest credentials and infiltrate corporate networks. However, businesses are not powerless. A comprehensive security approach that combines MFA, hardware-backed authentication, password management, endpoint security, and continuous monitoring can significantly reduce the risk of credential compromise.

As attackers evolve, so must our defences. By prioritising proactive security measures and fostering a culture of vigilance, organisations can stay ahead of infostealers and safeguard their most valuable digital assets.

Joel Rennich is SVP of Product Management at JumpCloud
