Thought Leadership
Password-related cyberattacks through malware infections are at the top of the list of the most popular attacks. Nearly 31 percent of all security breaches analyzed by the Verizon DBIR team since 2013 have been related to stolen credentials.
This prompted the research team at Specops Software, an Outpost24 Group company and leading provider of authentication solutions, to take a close look at the latest malware versions used by hackers to steal passwords, either to use them for further attacks or to sell them on the dark web. The result: a single piece of malware is responsible for 47 percent, i.e. almost half of all stolen passwords analyzed.
RedLine malware currently particularly popular
In order to determine the most common types of malware, the Outpost24 Group’s KrakenLabs research team analyzed 359 million passwords stolen in the last six months. The data shows that the RedLine malware is the most popular among hackers, with 170 million stolen passwords. This is spread through phishing and YouTube links,” explains Darren James, Senior Product Manager at Specops Software, emphasizing the dangers of reusing passwords: ”When end users use the same passwords in multiple places, this quickly leads to Active Directory passwords being compromised from the professional environment too – no matter how good the internal security measures are. This makes it all the more important to continuously “search” the Active Directory.
The study in brief
To conduct the study, KrakenLabs extracted credentials from the malware used to steal them. By using traditional sinkholing to intercept DNS queries connecting to unwanted domains, or using their own patented technology, the threat intelligence team was able to intercept stolen credentials as they were transmitted to the command-and-control server and distributed to various clouds. Working closely with the Outpost24 team helps Specops Software to better understand the methods used to distribute and sell credentials, and in some cases even gain access to the raw data.
(vp/Specops Software)
