Some of the most sensitive corporate and military networks in the US could be at risk of compromise, after researchers revealed widespread credential theft via infostealer malware.
Hudson Rock said its analysis of cybercrime marketplaces revealed compromised credentials for sale from Lockheed Martin, Boeing and Honeywell, as well as the US army and navy, the FBI and the Government Accountability Office (GAO).
For as little as $10 per log, threat actors can effectively purchase access to corporate email and VPN accounts, as well as internal development tools (e.g. GitHub, Jira, Confluence) and military training platforms, among other assets.
Slick cybercrime marketplaces make searching for specific credentials, such as army.mil, even easier, and often logs come with active session cookies for multi-factor authentication (MFA) bypass, the report claimed.
Even organizations that aren’t impacted by infostealers can still be compromised if their partners, suppliers and vendors have been, Hudson Rock warned.
“Each one of these infected employees is a real person – it could be an engineer working on military AI systems, a procurement officer managing classified contracts, a defense analyst with access to mission-critical intelligence,” the report continued.
“At some point, these employees downloaded malware on a device they used for work, exposing not just their credentials, but potentially their entire digital footprint: browsing history, autofill data, internal documents, and session cookies for sensitive applications.”
The research represents a major national security risk for the US, according to Thomas Richards, principal consultant at Black Duck.
“The data stolen could allow an adversary into critical networks and take steps to compromise additional people and systems,” he argued.
“Affected users should have their passwords rotated immediately, and a forensic investigation should be launched to determine how they were compromised and if attackers accessed information they shouldn’t have.”
Infostealer infections can stem from a variety of sources, including phishing messages, drive-by downloads from infected websites, cracked or pirated games, legitimate-seeming apps such as fake meeting software, Google Ads and even YouTube video descriptions.
Hudson Rock claimed it has identified over 30 million computers infected by infostealers in the “past few years.”