As with traditional crime, cybercrime is first and foremost a business. In recent years, the cybercrime landscape has undergone significant changes as victims opt not to pay ransoms, new defense mechanisms are introduced, and law enforcement efforts increase. These developments have shifted the risk-benefit ratio for cybercriminals, and this shift is expected to continue in 2023. In this article, we will explore the current state of the cybercrime market and the potential future developments of the infostealer trend.
The Ransomware Dilemma
One of the most prominent forms of cybercrime in recent years has been ransomware. After the COVID period, when big corporations were targeted by ransomware operations, those types of companies invested significantly in their cybersecurity. They had the money and resources to implement the changes needed to lower the ransomware gangs' ROI, to the point that the gangs started to target SMEs for smaller ransom amounts. But the strategy shift may go deeper than just changing targets, which is only a temporary solution.
The success of ransomware attacks has been largely driven by the willingness of victims to pay the ransom. However, this is changing as more organizations opt not to pay and instead rely on backups to restore their files. This shift in victim behavior has reduced the effectiveness of ransomware attacks and, as a result, many cybercriminals are moving away from this type of attack toward more lucrative activities.
In addition to the decrease in victims' willingness to pay, the introduction of new defense mechanisms has made it more difficult for cybercriminals to launch successful ransomware attacks. For example, new endpoint protection mechanisms have been developed to detect and block ransomware. Similarly, the increased use of multi-factor authentication (MFA) has made it more difficult for cybercriminals to gain access to an organization's network. That said, MFA fatigue is still heavily exploited, including in infostealer attacks.
The Evolution of Cybercrime: The Rise of Infostealers in 2022
In recent years, we have seen a shift in the cybercrime landscape, with an increasing focus on infostealers marketed on black markets. Infostealers, also known as information stealers or password stealers, are a type of malware designed to steal sensitive information such as login credentials, financial information, and personal data from infected computers.
In 2022, the use of infostealers has skyrocketed, with a wave of advertisements for new variants of stealers, enhanced infostealers, and infostealer source code available on the cybercriminal underground. The sale of these new strains, combined with the availability of enhanced infostealers and infostealer source code, has led to increased activity on dark web marketplaces and private sales.
One notable infostealer that has forced its way onto the scene is Meta Stealer. First advertised on cybercrime forums in March 2022, this malware is heavily based on the code of the popular infostealer Redline but has additional features and is less detectable by anti-virus and endpoint detection software. As of November 2022, Meta Stealer costs $150 per month or $1,000 for a lifetime license. Since May 2022, Meta Stealer logs have been appearing on 2easy Market, one of the leading dark web marketplaces for stolen data.
Another infostealer that made its debut in 2022 is Rhadamanthys. Rhadamanthys is a powerful tool that can obtain credentials and information from a host of platforms including major browsers, email clients, messaging platforms, and crypto apps and wallets. It can also target logs from MFA apps, including Authenticator, Authy, EOS Authenticator, and GAuth Authenticator, as well as Outlook and Slack, and it harvests cookies. The malware is delivered by phishing, spam campaigns and malvertising on Google Ads.
It’s clear that infostealers will continue to evolve and pose a significant risk to organizations in 2023. With the rise of this type of criminal business model, it’s important for organizations to stay vigilant and take proactive steps to protect themselves against this type of malware.
This includes examining how they authenticate user access to their systems and considering moving away from MFA push notifications toward number-matching MFA and the use of biometrics. Additionally, organizations should fully train staff on the dangers of MFA fatigue attacks and social engineering attempts, and on how to secure online accounts. Monitoring dark web sources to obtain threat intelligence on the latest tactics, techniques, and procedures relating to infostealer malware can also help organizations stay ahead of the latest threats.
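As an added example that is not part of the original article, the following Python sketch shows how a defender could spot the MFA fatigue pattern mentioned above in authentication logs: a burst of denied push prompts for one user, and worse, an approval arriving in the middle of such a burst. The log format, field names and sample lines are constructed and hypothetical; a real identity provider's logs will differ.

```python
"""Detect MFA push-fatigue patterns in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical "timestamp user event result" format.
SAMPLE_LOG = """\
2022-11-14T08:01:02Z alice mfa_push denied
2022-11-14T08:01:30Z alice mfa_push denied
2022-11-14T08:02:05Z alice mfa_push denied
2022-11-14T08:02:40Z alice mfa_push denied
2022-11-14T08:03:10Z alice mfa_push denied
2022-11-14T08:03:55Z alice mfa_push approved
2022-11-14T08:05:00Z bob mfa_push approved
2022-11-14T09:10:00Z carol mfa_push denied
2022-11-14T09:40:00Z carol mfa_push approved
"""

WINDOW = timedelta(minutes=10)   # sliding window for counting denials
DENIED_THRESHOLD = 3             # denials within WINDOW that count as a push storm


def parse_line(line):
    ts, user, event, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=DENIED_THRESHOLD):
    """Return a list of (user, alert_kind, timestamp) tuples.

    push_storm       -> `threshold` denied pushes for one user inside `window`
    fatigue_approval -> the user approved a push while such a storm was active
    """
    denials = defaultdict(list)  # user -> timestamps of denials still in the window
    alerts = []
    for line in log_text.splitlines():
        ts, user, event, result = parse_line(line)
        if event != "mfa_push":
            continue
        # Drop denials that have aged out of the sliding window.
        denials[user] = [t for t in denials[user] if ts - t <= window]
        if result == "denied":
            denials[user].append(ts)
            if len(denials[user]) == threshold:   # fire once per storm
                alerts.append((user, "push_storm", ts))
        elif result == "approved" and len(denials[user]) >= threshold:
            alerts.append((user, "fatigue_approval", ts))
            denials[user].clear()
    return alerts


if __name__ == "__main__":
    for user, kind, ts in detect_mfa_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind}")
```

Carol's single denial followed by an approval half an hour later stays below the threshold and outside the window, so only alice is flagged.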
Conclusion
The cybercrime landscape is constantly evolving, and this is expected to continue in 2023. As the effectiveness of traditional forms of cyberattack decreases, cybercriminals are likely to shift toward new forms of malware and social engineering, such as infostealers, wipers, digital hacktivism or disinformation. To prevent cybercrime, it is important for organizations to stay informed about the latest threats, train their staff, and implement strong security measures.