"Over 700 Million Credentials Exposed and 22 Million Devices Infected in 2022"
SpyCloud's latest Identity Exposure Report reveals that its researchers retrieved 721.5 million exposed credentials from the criminal underworld and discovered over 22 million unique devices infected with malware in the last year. Around 50 percent of the exposed credentials recovered by SpyCloud came from botnets, which are often used to deploy information-stealing malware. Such malware enables cybercriminals to steal valid passwords, cookies, auto-fill data, and other important information for use in targeted attacks. According to Trevor Hilligoss, director of security research at SpyCloud, the widespread use of infostealers is a dangerous trend because it opens the door for malicious actors, such as Initial Access Brokers (IABs), who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals. Information-stealing malware variants have been found to be simple, inexpensive, and scalable, fostering a robust underground economy with an "anything-as-a-service" model to facilitate cybercrime. This broker/operator relationship is a profitable business with a low cost of entry. Additionally, researchers recaptured nearly 22 billion device and session cookies that could grant cybercriminals access to sensitive data by allowing them to circumvent multifactor authentication (MFA) and hijack an active session. This article continues to discuss key findings shared in SpyCloud's Identity Exposure Report.
BetaNews reports "Over 700 Million Credentials Exposed and 22 Million Devices Infected in 2022"