Latest news with #informationstealing

Forbes

Information-Stealing Machine Behind Theft Of 1.8 Billion Credentials

The days of cybercrime being committed by the once stereotypical hacker in the basement, acting alone, are long gone. Organized crime rules the criminal hacking roost now, and this is evidenced time and time again by the sheer scale of the cyberattacks we see. When talking about an information-stealing machine, you may be forgiven for thinking of the Katz Stealer cybercrime-as-a-service operation that charges hackers as little as $30 to compromise thousands of passwords from the most popular web browsers, or maybe the Atlantis AIO automatic password-hacking machine that brings credential-stuffing into the hands of the cybercriminal. But the machine in the headline is bigger than all of them. Because it is all of them. New threat intelligence has revealed the extent to which organized information-stealing has erupted in just the first six months of 2025. I trust you are sitting down. Global Threat Intelligence Index Reveals Information-Stealing Machine In Action The latest analysis from the threat intelligence team at Flashpoint has just been published, and it makes for some very disturbing reading indeed. It's hard to know where to start when it comes to the alarming statistics that cover just the first six months of the year. The 235% surge in data breaches, two-thirds of them in the U.S., it must be said, exposing a staggering 9.45 billion records, is bad enough. But this is dwarfed by the 800% rise that has been observed in stolen credentials, with 1.8 billion compromised by information-stealers. The two sets of numbers are, however, intrinsically linked: unauthorized access accounted for nearly 78% of all reported data breach incidents. No wonder infostealers are the initial access weapon of choice for so many criminal hackers. The rise of identity as a primary attack vector is, without a shadow of a doubt, fueled by infostealers. 'They enable initial access that can cascade into significant data breaches across organizations and their supply chains,' the report warned, and have 'gained traction due to their low cost, accessibility, and ability to provide threat actors with deeper access than many other initial access vectors.' It can surely be no coincidence that Flashpoint has reported a 179% increase in ransomware incidents during the same time period as the information-stealing machine activity has spiked. "With ransomware up 179% and data breaches surging 235%, the sheer scale of malicious activity is undeniable,' Ian Gray, Flashpoint's vice president of cyber threat intelligence operations, said. The report recommended that organizations 'implement a two-pronged approach' that combines the use of compromised credential dataset intelligence alongside alerting based on specific affected domains. You might also want to consider switching to a stronger credentials technology than passwords and basic 2FA, by which I am referring to passkeys, of course. Why make things easy for the information-stealing machine, after all?