"Infostealer Malware Threat Grows as MFA Fatigue Attacks Spread"
According to research conducted by the Cyber Threat Intelligence team at Accenture, infostealer malware grew in underground criminal networks in 2022, while multi-factor authentication (MFA) fatigue attacks increased. Infostealers are malicious software packages aimed at stealing sensitive information, including passwords, from victims. In an MFA fatigue attack, an attacker bombards a user's MFA device, generally a smartphone, with login approval requests. The goal is to exhaust the user so that they finally accept a login request to stop the notifications. Researchers have discovered that cybercriminals have expanded their infostealer malware variants to capitalize on demand, citing an increase in compromised credential marketplaces and a move toward private sales for quality logs. Timothy Morris, the chief security advisor at Tanium, believes that infostealer malware is booming because extortion is thriving. Extortion is more profitable and easier than ransomware. He explained that most people associate extortion with holding company data hostage or threatening to release stolen data during or after a ransomware attack, which is typical of second-level extortion. The third level consists of threats to release the data of individuals or entities contained inside the exfiltrated data. He noted that the third level of extortion can be reached by simply taking information, which infostealer software excels at. Morris stated that the same abilities and infrastructure used to create and operate a banking Trojan may be repurposed for use in an infostealer malware campaign. This article continues to discuss infostealer malware and MFA fatigue attacks.
Security Boulevard reports "Infostealer Malware Threat Grows as MFA Fatigue Attacks Spread"