Organizations lack visibility into malware attacks

While IT security leaders are concerned about attacks that use malware-exfiltrated authentication data, many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively prevent follow-on attacks.

Research from cybercrime analytics company SpyCloud, which surveyed over 300 mid-market and enterprise IT security professionals from the US and UK, shows 98 percent say better visibility into at-risk applications would significantly improve their security posture.

Human behavior continues to be a problem, with some of the main entry points for malware taking advantage of employee failings. 57 percent of organizations allow employees to sync browser data between personal and corporate devices, 54 percent of organizations struggle with shadow IT due to employees' unsanctioned adoption of applications and systems, and 36 percent of organizations allow unmanaged personal or shared devices to access business applications and systems.

"While most organizations understand the general and pervasive threat of malware, digital transformation and hybrid work models create a perfect environment for criminals to take advantage of hidden security gaps," says Trevor Hilligoss, director of security research at SpyCloud. "Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords. These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking -- bypassing passwords, passkeys, and even MFA."

Detecting and acting on exposures quickly is critical to disrupting malicious actors attempting to harm the organization. Yet the survey reveals many are struggling with routine responses to malware infections. 27 percent don't routinely review their application logs for signs of compromise, 36 percent don't reset passwords for potentially exposed applications, and 39 percent don't terminate session cookies at the sign of exposure.

"Breaking bad habits requires time and resources most organizations can't afford and have a hard time finding in the first place. To reduce the risk created by unauthorized account access, infected devices and human error, they need a new approach for detecting and remediating malware. For many security teams, responding to infections is a machine-centric process that involves isolating and clearing the malware from the device. However, an identity-centric approach is more thorough as the ultimate goal is to better address the growing attack surface tied to an individual user that puts the business at risk," Hilligoss adds.

You can get the full report from the SpyCloud site.


© 1998-2024 BetaNews, Inc. All Rights Reserved.