Accenture's Cyber Threat Intelligence reports cybercriminals used more information stealer malware and attacks exploiting multifactor authentication fatigue in 2022, Security Boulevard reports.
According to the teams new report, the shift was prompted by the growth of marketplaces selling compromised user credentials and the increasing number of private transactions trading in quality logs.
Tanium Chief Security Advisor Timothy Morris notes that extortion is a thriving industry and a more lucrative option compared to ransomware, and that matured infostealer malwareis capable of producing the same results as ransomware by simply stealing data.
The same skills and infrastructure used to write and operate a banking trojan can be modified and used as an infostealer campaign. The criminals are already good at evading detection and have modernized that, said Morris.
Meanwhile, MFA fatigue attacks involve bombarding an end-users device with notifications to authorize a login attempt until the victim finally complies out of exhaustion. Joseph Carson, chief security scientist and advisory chief information security officer at Delinea, says increasing enforcement of MFA practices at enterprises has led to a rise in MFA fatigue and made it vulnerable to abuse.