A new report from cybersecurity firm, Flare, brought an alarming fact to the surface – the widespread theft of corporate credentials by malicious software known as ‘infostealer’ malware.
To put it simply, infostealer malware is like a digital burglar, infiltrating into your agency’s systems, snatching valuable data, and delivering it back to cybercriminals. These miscreants can use this data for harmful activities or sell it on the underground market of cybercrime.
Flare’s meticulous analysis of nearly 20 million logs of stolen data reveals the magnitude of the threat. The firm found that about 375,000 logs contained access to business applications frequently used by organizations, including Salesforce, Hubspot, QuickBooks, AWS, GCP, Okta, and DocuSign. More alarming is the evidence showing that these credentials, once stolen, are classified into various tiers based on their value and desirability to cybercriminals:
- Tier-1 Logs: These logs hold the highest value as they contain credentials to critical corporate systems. With these credentials, cybercriminals could gain access to sensitive client data, financial information, and internal business strategies.
- Tier-2 Logs: Logs in this tier contain financial services and banking applications credentials. Cybercriminals can potentially use these credentials to directly access financial accounts, make unauthorized purchases, or move funds illicitly.
- Tier-3 Logs: These logs primarily comprise credentials for common consumer applications such as Google, Facebook, and Microsoft. Despite their relative lack of direct financial value, these credentials could still pose considerable damage if misused.
To give you a clearer picture, logs are like packaged archives of stolen information. They contain critical data pilfered from applications used daily in your agency, such as web browsers, email clients, and even software.
In particular, the report discovered that 375,000 of these logs contained access to vital business applications. These include:
- AWS Console credentials: 179,000
- Google Cloud credentials: 2,300
- DocuSign credentials: 64,500
- QuickBooks credentials: 15,500
- Salesforce credentials: 23,000
- CRM credentials: 66,000
- Okta Authentication Access: 48,000
“Based on evidence from the dark web forum Exploit in, we rate it as highly likely that initial access brokers are using stealer logs as a principal source to gain an initial foothold to corporate environments that can then be auctioned off on top-tier dark web forums,” says Eric Clay, researcher at Flare.
Could Your Agency Be At Risk?
The credentials stolen by infostealer malware can be aptly described as a digital skeleton key – a universal pass granting cybercriminals unauthorized access to a vast array of sensitive information stored within your agency. With this virtual master key, they can unlock numerous areas of your business, causing havoc and damage that’s both wide-ranging and potentially devastating.
The reality of today’s interconnected world is this: The threat of cybercrime isn’t a specter looming on the horizon—it’s already here, infiltrating systems, snatching valuable data, and leaving an indelible mark on businesses worldwide. For independent insurance agencies, the notion of treating cybersecurity as an optional luxury is both imprudent and perilous.
Think of your agency as a fortress. Your clients’ data, financial information, and internal business strategies are the treasure within, and cybercriminals are continually seeking ways to breach your walls. These stolen credentials, akin to a master key, can give these unscrupulous actors unfettered access to everything you’ve worked hard to build and protect.
Imagine these cybercriminals gaining access to your client data. This is not just their contact information, but their confidential records, policy details, financial statements, and other sensitive documents you hold. The violation of client confidentiality can lead to serious consequences, such as financial loss for your clients, and significant reputational damage to your agency.
Ignoring this crucial aspect of business operations isn’t just a misstep—it’s a gamble that could risk the very foundation of your agency. The implementation of comprehensive cybersecurity measures is not merely a suggestion—it’s an absolute necessity. When the security landscape evolves, so must we.
In essence, safeguarding your digital assets today determines your agency’s resilience and success tomorrow. It’s not just about the survival of your business, but about thriving in an age where digital fortification becomes synonymous with business longevity.
Stepping Up Your Agency’s Defense
In the face of increasingly sophisticated malware threats, it’s crucial to bolster your defenses and take a proactive stance. Here’s a more detailed look at some of the effective measures you can adopt as a first precaution:
- Multi-Factor Authentication (MFA): Implementing MFA provides an added layer of security. Even if a password is compromised, the attacker would need the second factor – typically a code sent to a trusted device – to gain access.
- Cybersecurity Implementation: Deploy comprehensive cybersecurity software that includes antivirus, anti-malware, and firewall capabilities. Ensure it’s kept updated to defend against the latest threats.
- System Updates and Patch Management: Regularly update all systems, software, and devices to benefit from the latest security patches. Cybercriminals often exploit known vulnerabilities in outdated software.
- Access Control: Limit user access rights to minimize potential points of vulnerability. The principle of least privilege (PoLP) means granting employees only the access they need to perform their duties.
- Virtual Private Networks (VPNs): Encourage the use of VPNs, especially for employees accessing your systems remotely. VPNs create an encrypted connection, making it more difficult for data to be intercepted.
- Data Backup and Recovery Strategy: Have a comprehensive data backup and recovery plan. Regular backups ensure you won’t lose everything in the event of a malware attack, and a recovery plan will guide your actions post-attack.
- Employee Training and Awareness: Conduct regular cybersecurity training for your team. Equip them with the knowledge to identify and report suspicious activity, understand the risks of clicking unknown links, and the importance of using strong, unique passwords.
Assistance Navigating Malware Threats
If you have concerns about the impact of the infostealing malware on your agency, or if you want to ensure that your cybersecurity practices are up to par, give me a call. Don’t let the vulnerabilities exposed by this breach compromise your agency.