SpyCloud, a cybercrime analytics specialist, said the results of its new study showed that larger organizations generally recognize malware threats but they lack protection against infostealers and ways to properly remediate infections.
Those conclusions come from the company’s recently released Malware Readiness & Defense report that surveyed 320 mid-market and large enterprise IT security professionals in the U.S. and U.K. The report examines how organizations detect and address the threat of malware as a precursor to cyberattacks such as account takeover and ransomware.
Key Findings: Only 1% Not Concerned
The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data:
- 53% said they are extremely concerned about attacks that leverage malware-exfiltrated authenticated data.
- 1% said they weren’t concerned at all.
- 98% said that better visibility into at-risk applications would significantly improve their security posture.
The most overlooked entry points for malware include:
- 57% of organizations allow employees to sync browser data between personal and corporate devices. That allows threat actors to siphon employee credentials and other user authentication data through infected personal devices while remaining undetected.
- 54% of organizations struggle with shadow IT. This is due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.
- 36% of organizations allow unmanaged personal or shared devices to access business applications and systems. That opens the door for devices lacking robust security measures to access sensitive data and resources.
Lax Cyber Behavior Opens Doors to Cybercriminals
According to SpyCloud research, every infection exposes access to an average of 26 business applications. AsTrevor Hilligoss, senior director of security research at SpyCloud, explained:
"While most organizations understand the general and pervasive threat of malware, digital transformation and hybrid work models create a perfect environment for criminals to take advantage of hidden security gaps. Criminals are exploiting these vulnerabilities by taking advantage of lax cyber behaviors and deploying infostealers designed to swiftly exfiltrate access details beyond passwords.
"These days, authentication cookies that grant access to valid sessions are one of the most prized assets for perpetrating next-generation account takeover through session hijacking bypassing passwords, passkeys, and even MFA."
Many organizations are struggling with routine responses to malware infections:
- 27% don't routinely review their application logs for signs of compromise,
- 36% don't reset passwords for potentially exposed applications, and
- 39% don't terminate session cookies at the sign of exposure.
Breaking Bad Habits
Limited visibility hinders mean-time-to-discovery (MTTD) and mean-time-to-remediation (MTTR), which exacerbates risks to the business and drains resources, SpyCloud said. Moreover, SpyCloud researchers found that in the first half of 2023, 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution.
Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
Hilligoss offered advice for security teams:
"Breaking bad habits requires time and resources most organizations can't afford and have a hard time finding in the first place. To reduce the risk created by unauthorized account access, infected devices and human error, they need a new approach for detecting and remediating malware.
"For many security teams, responding to infections is a machine-centric process that involves isolating and clearing the malware from the device. However, an identity-centric approach is more thorough as the ultimate goal is to better address the growing attack surface tied to an individual user that puts the business at risk."
