BACKGROUND:

Researchers at Nordlocker have reported on Nameless malware that stole 1.2 TB of private data, discussing their case study of a 1.2-terabyte database collected from “over 3 million Windows-based computers” between 2018 and 2020 by a “Trojan-type malware.” Their analysis offers details on the malware used, data & file types and programs/ apps targeted, including:

  • Downloaded software included illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games
  • Infected 3.25 million Windows based computers
  • 26 million login credentials stolen between 2018 and 2020
  • Screenshots & camera images collected
Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Rajiv Pimplaskar
InfoSec Expert
June 10, 2021 12:17 pm

<p><span class=\"il\">The</span> <span class=\"il\">abrupt</span> <span class=\"il\">shift</span> to remote work due to COVID-19 during <span class=\"il\">the</span> past year also coincidentally corresponds to a 72% increase in ransomware attacks during <span class=\"il\">the</span> same time period. This suggests that several home computers in use for work-from-home purposes, may in fact have already been infected by malware for quite some time but are now being increasingly triggered by bad actors as they carry interesting corporate data traffic. <span class=\"il\">The</span> Nordlocker report highlights how keyloggers and other disciplined malware attacks can be conducted across a large surface area over an extended period of time. These can successfully harvest copious amounts of sensitive data including credential and biographic information which can then be sold on <span class=\"il\">the</span> black market. This data can also be misused for social engineering and lateral movement to facilitate secondary attacks on progressively higher-value targets such as financial accounts. These secondary attacks can take on many forms including a multi-modal fraud campaign encompassing online, mobile, and contact center channels even including branch fraud, with varying degrees of success. </p> <p> </p> <p>Unfortunately, <span class=\"il\">the</span> weakest link in <span class=\"il\">the</span> security landscape is still <span class=\"il\">the</span> password! Organizations and users need to accelerate their journey to passwordless authentication methods such as phone as a token and or FIDO2 security keys. These authenticators create an unphishable relationship with <span class=\"il\">the</span> user and eliminate <span class=\"il\">the</span> need for password-based credentials thereby improving <span class=\"il\">the</span> organization’s resilience against such cyber attacks.</p>

Last edited 1 year ago by Rajiv Pimplaskar
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x