**The Infostealer Malware Epidemic: Why Cyber Thieves Prefer to Log In Over Hack In**

The world of cybersecurity has long been plagued by the threat of hacking, but a growing trend suggests that cyber thieves have found an even easier way in: logging in. Infostealer malware, designed to extract sensitive user information, is becoming increasingly widespread and poses a significant risk to businesses across the globe.

Stealing login credentials, browser data, messages, documents, images, and device information opens up a Pandora's box of possibilities for cyber thieves. With stolen credentials, they can take over accounts, commit fraud, craft sophisticated phishing campaigns, or simply sell the compromised data on the dark web. With hijacked session cookies, they can bypass multi-factor authentication.

Our recent analysis at Socura and Flare revealed a disturbing trend: in just one dataset of FTSE 100 employee credentials, we discovered 28,000 instances of stolen login information leaked in infostealer logs. What's more, we found cookies valid for several years – giving attackers an open door to log in and bypass security controls like MFA.

One would expect the UK's corporate giants to be immune to these threats, with their substantial budgets and advanced security tools at their disposal. But, surprisingly, even they remain vulnerable. This raises a critical point: if industry leaders are struggling to manage their threat exposure, then small and medium-sized businesses must face similar challenges.

So, what's driving the rise of infostealer malware? One major factor is the increasingly blurred line between corporate and personal IT. Employees often use their work devices, accounts, and applications for both professional and personal purposes – creating fertile ground for malware to spread. One surprising source of infostealer malware is video games: infected mods for popular titles like Roblox, Fortnite, and Grand Theft Auto have become a common entry point for attackers.

The threat is further exacerbated by employees reusing weak passwords across multiple accounts. Our research showed that over half of FTSE 100 companies had at least one instance of an employee credential with the password 'password' – or a variation thereof. This lazy security practice leaves businesses wide open to attacks, because once malware has captured the login credentials for one site, the same passwords can be tested elsewhere.

To combat the risks associated with infostealer malware, a multi-layered approach is essential. This includes preventing leaks through education and password management, implementing MFA across the board (preferably using phishing-resistant options like passkeys), reviewing personal device and application management, updating BYOD policies, and conducting proactive threat exposure monitoring.

Businesses can take control of their security by acknowledging the widespread nature of this threat. By recognizing that cyber thieves prefer to log in over hack in, we can stop handing them the keys – and making their job as simple as turning a lock. With the right tools and strategies in place, companies can minimize the risk associated with infostealer malware and protect themselves against these sophisticated attacks.

As threat intelligence lead at Socura, I urge businesses to take decisive action against the rising tide of infostealer malware. Together, we can create a safer online environment for all – one where cyber thieves have to work harder to get what they want.