News broke today that previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Password Stealing Malware and Phishing Attacks remain a challenge for most modern enterprises. Password Stealing techniques usually target the weakest link in an organisation’s security posture – the human being. Once successfully performed, any future attacks have a high chance of staying undetected as they use official credentials to access personal and business resources. Attackers don\’t need to pay lot of attention when obfuscating their actions as having full access allows them to run a large variety of other attacks, like stealing full identities, attacking internal services, exfiltrating sensitive company data, etc. As these tactics become increasingly sophisticated, companies must employ security measures such as multi-factor authentication in order to protect company data and prevent the loss of classified and sensitive information. Applying controls to technologies, making sure security is included in business processes, and ensure the organisation has a good security culture are all also key. Applying a Defence in Depth (DiD) model to security within your organisation, with security controls in place within technologies, business processes and culture will begin to support reducing risk associated with new malware variants. Don\’t underestimate the value of security awareness programmes for keeping your employee’s conscious of new malware threats.</p>