Over 330 Million Credentials Compromised by Infostealers


Infostealers became one of the “most significant initial access vectors” in the threat landscape last year, with one threat intelligence company claiming to find over 330 million compromised credentials linked to the malware.

Israeli firm Kela revealed the findings in its latest report, The State of Cybercrime 2024, published today and based on its own analysis of the threat landscape.

The hundreds of millions of compromised credentials it found were linked to infostealer activity on at least 4.3 million machines. Although both figures represent just a slight increase on 2023, the direction of travel is clear.

These credentials provide access to a range of sensitive corporate services, including cloud solutions, CMS, email and user authentication.


Credentials compromised via infostealers were famously behind the hijacking of multiple Snowflake accounts, resulting in data breaches that impacted over one billion customers of companies including Ticketmaster and AT&T.

In addition to the credentials obtained via infostealers, Kela said it observed 3.9 billion credentials shared in the form of credential lists (ULP files), which are mostly compiled from infostealer logs but also from third-party breaches and phishing.

However, there is a ray of hope: the top three infostealer malware strains – Lumma, StealC and RedLine – were responsible for over 75% of the infected machines recorded by Kela.

“High-profile operations in 2024, such as the disruption of RedLine, demonstrated the ability of international agencies to dismantle key components of the infostealer supply chain,” the report explained.

“These efforts are likely to continue and even escalate in 2025, targeting not only the malware developers but also the infrastructure of affiliate teams and marketplaces, as well as other platforms supporting their operations.”

That said, Kela is also predicting a surge in infostealer activity thanks to the malware-as-a-service (MaaS) model and the increasing sophistication of the malicious code itself.

Kela’s report also revealed a surge in ransomware activity in 2024. The firm tracked over 5,230 victims and close to 100 threat actors last year, annual increases of 10.5% and 28.5% respectively.
