Our Threat Intelligence team has uncovered evidence of hackers promoting keyword searches as a way to triage infostealer logs. Let's look at what this tactic involves and what it means for defenders.
What are infostealers?
To begin, let's clarify what we mean by an infostealer. An infostealer is a type of malware (malicious software) designed to infect devices such as laptops, smartphones or tablets and extract sensitive information. Infostealers are best known for stealing saved login credentials, but they also capture a wide range of other data, including browser cookies, browsing history and more. This data is typically bundled into a "log" and sent back to the hacker, giving them a detailed snapshot of the victim's online activity. For more information on infostealers, you can download our free guide: https://dynarisk.com/resources/resource-centre/understanding-info-stealers
Why are infostealers used?
Infostealers are used primarily to harvest data that can be exploited in follow-on attacks or sold on the dark web. Although they have been around for some time, their popularity has surged in recent years because stolen data has become more valuable and the tools themselves are cheap and easy to deploy.
How are hackers searching the logs?
Our team recently identified a post on a hacker forum explaining how cybercriminals use keyword searches within infostealer logs to assess the quality of the stolen data. A single batch of logs can contain thousands of saved credentials, much of it for low-value consumer accounts; keyword searches let hackers filter that volume quickly and pinpoint the entries that can be monetised most effectively, such as logins to corporate systems.
Here's an excerpt from a post on the forum, translated into English:
Hello everyone.
I work with logs; specifically, I load links for companies that need them and extract accounts on request, let's say for access to the shipping logs.
Here's my question, gentlemen: what actions should I take to maximise the monetisation of the groups from the forum? The companies I work for load the log files quite well; it's not a problem to get into the system, but the lack of experience in this area makes finding access in the logs impossible, and it is something that could potentially be monetised very well.
Can someone advise me on this issue?
In response, another forum member shared a list of URLs, file paths and keywords related to network security, remote access tools, VPNs and hacking methods. Searching logs for those strings lets hackers sift through infostealer logs efficiently, surfacing credentials for corporate remote access and similar high-value targets and so increasing the profitability of the stolen data.
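To make the tactic concrete, here is an added example (not code from the forum post or from DynaRisk) that shows the same keyword search from the defender's side: it parses stealer-style credential records, scores each one against keyword categories, flags passwords reused across hosts, and marks records tied to domains an organisation is monitoring. The record layout mimics the plain-text credential dumps many stealer families produce; the sample records, the keyword categories and their weights are all constructed for illustration and are not the list shared on the forum.

```python
"""Keyword triage over infostealer-style credential logs (added example).

The 'URL / Username / Password / Application' block layout mimics common
stealer password dumps. SAMPLE_LOG and KEYWORD_WEIGHTS are constructed for
illustration; they are not real victim data or the forum's keyword list.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: what one victim's credential dump might look like.
SAMPLE_LOG = """\
URL: https://vpn.example-corp.com/remote/login
Username: j.doe@example-corp.com
Password: Winter2024!
Application: Google Chrome

URL: https://www.facebook.com/login
Username: jdoe88
Password: hunter2
Application: Google Chrome

URL: https://example-corp.okta.com/
Username: j.doe@example-corp.com
Password: Winter2024!
Application: Microsoft Edge

URL: https://shop.example.net/account
Username: jdoe88@gmail.com
Password: hunter2
Application: Google Chrome

URL: https://rdweb.example-corp.com/RDWeb/Pages/en-US/login.aspx
Username: EXAMPLE\\j.doe
Password: Winter2024!
Application: Microsoft Edge
"""

# Illustrative keyword categories (assumed, not the forum's list). Remote-access
# hits weigh most because they are what gets sold as "access" to a network.
KEYWORD_WEIGHTS = {
    "remote_access": (5, ("vpn", "rdweb", "rdp", "citrix", "anyconnect", "globalprotect", "pulse")),
    "identity":      (4, ("okta", "sso", "adfs", "login.microsoftonline", "duo")),
    "admin_panel":   (3, ("admin", "cpanel", "plesk", "phpmyadmin", "jenkins", "gitlab")),
    "cloud":         (3, ("console.aws", "portal.azure", "console.cloud.google")),
}
REUSE_BONUS = 2  # a reused password lets one low-value login unlock a high-value one


def parse_records(text):
    """Split a dump into records (blank-line separated) of lower-cased field names."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                fields[key.strip().lower()] = value.strip()
        if "url" in fields and "username" in fields and "password" in fields:
            records.append(fields)
    return records


def score_record(rec):
    """Return (score, hostname, category hits) for one credential record."""
    haystack = (rec["url"] + " " + rec["username"]).lower()
    host = urlsplit(rec["url"]).hostname or ""
    score, hits = 0, []
    for category, (weight, keywords) in KEYWORD_WEIGHTS.items():
        matched = [k for k in keywords if k in haystack]
        if matched:
            score += weight
            hits.append((category, matched))
    return score, host, hits


def password_reuse(records):
    """Map each password seen on more than one host to the set of those hosts."""
    hosts_by_pw = defaultdict(set)
    for rec in records:
        hosts_by_pw[rec["password"]].add(urlsplit(rec["url"]).hostname or "")
    return {pw: hosts for pw, hosts in hosts_by_pw.items() if len(hosts) > 1}


def in_watched_domain(host, username, domains):
    """True if the host or the e-mail-style username belongs to a monitored domain."""
    user = username.lower()
    return any(host == d or host.endswith("." + d) or user.endswith("@" + d) for d in domains)


def triage(text, watched_domains=()):
    """Rank records by keyword score (plus a reuse bonus), highest first."""
    records = parse_records(text)
    reused = password_reuse(records)
    ranked = []
    for rec in records:
        score, host, hits = score_record(rec)
        if rec["password"] in reused:
            score += REUSE_BONUS
            hits.append(("password_reuse", sorted(reused[rec["password"]])))
        ranked.append({"score": score, "host": host, "username": rec["username"], "hits": hits,
                       "watched": in_watched_domain(host, rec["username"], watched_domains)})
    ranked.sort(key=lambda r: (-r["score"], r["host"]))
    return ranked


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, watched_domains=("example-corp.com",)):
        flag = "ALERT" if r["watched"] else "     "
        print(f"{flag} {r['score']:2d} {r['host']:30s} {r['username']:25s} {r['hits']}")
```

Run against the sample, the three example-corp.com records (RDWeb, VPN and Okta) rise to the top while the social-media and shopping logins fall to the bottom, and the shared "Winter2024!" password is reported on all three corporate hosts. A defender monitoring for their own domains would act on the ALERT rows (force resets, revoke sessions, check for logins from the affected accounts) rather than waiting for the buyer of that log to do it first.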
What does this mean?
The growing sophistication of infostealers, together with the methods hackers now use to triage and verify stolen data, raises the level of threat considerably. Keyword searching turns a bulk log dump into a shortlist of credentials for VPNs, remote access tools and other corporate systems, and stolen credentials of that kind open the door to further attacks such as data breaches or ransomware. This emphasises the critical importance of continuously monitoring for compromised data and acting on it swiftly, by resetting the exposed passwords and any accounts that share them, before cybercriminals can exploit it.
Stay protected with DynaRisk
At DynaRisk, we believe everyone should have access to cybersecurity tools to protect themselves, their businesses, and their families. We partner with industries worldwide, particularly in the insurance and financial sectors, to provide our software as part of a cyber insurance policy, cyber protection programme, or benefit.
To learn more about our products, visit our product or solutions pages.
For more information or a quick chat, contact us at info@dynarisk.com.