Over 700 million credentials exposed and 22 million devices infected in 2022
The latest Identity Exposure Report from SpyCloud shows that last year its researchers recaptured 721.5 million exposed credentials from the criminal underground, and found over 22 million unique devices infected by malware.
Of the exposed credentials recovered by SpyCloud, roughly 50 percent came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other valuable information to use in targeted attacks or sell on the darknet.
"The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals," says Trevor Hilligoss, director of security research at SpyCloud. "Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an 'anything-as-a-service' model to enable cybercrime. This broker/operator partnership is a lucrative business with a relatively low cost of entry."
Among other findings, researchers recaptured nearly 22 billion device and session cookies. These records give criminals access to sensitive information by allowing them to bypass MFA and hijack an active session, essentially turning bad actors into employee clones.
They also uncovered 8.6 billion personally identifiable information assets in 2022, including 1.4 billion full names, 332 million national IDs/full social security numbers, and 67 million credit card numbers.
Despite increased focus on security training in recent years, password habits are still poor. SpyCloud found that 72 percent of users exposed in 2022 breaches were still reusing previously compromised passwords. Passwords tied to pop culture trends also remain popular, with researchers recovering over 327,000 passwords related to artists Taylor Swift and Bad Bunny.
The full report is available from the SpyCloud site.