Info Stealers Exposed. Protecting Identities Online. Artwork

Cyber Crime Junkies

Socializing Cybersecurity. Translating Cyber into business terms. Newest AI, Social Engineering and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manages cyber risk.

Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast

All Episodes

Cyber Crime Junkies

Info Stealers Exposed. Protecting Identities Online.

October 05, 2024 • Cyber Crime Junkies. Host David Mauro. • Season 5 • Episode 52

Interview with Malware Protection expert Leonid Rozenberg with Hudson Rock (hudsonrock.com) on exposing information stealers, protecting identities online and what to do if your identity has been hacked.

Check out Hudson Rock’s free tools are available here - https://www.hudsonrock.com/threat-intelligence-cybercrime-tools

Send us a text

Get peace of mind. Get Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com

Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That’s NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466.

A word from our Sponsor-Kiteworks. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors.

Visit kiteworks.com to get started.

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

In this episode of Cybercrime Junkies, host David Mauro speaks with cybersecurity expert Leonard Rosenberg from Hudson Rock about the growing threat of InfoStealers. They discuss how these malicious software infiltrates systems to steal sensitive information, the role of social engineering in cyber attacks, and the importance of cybersecurity education. Leonard shares insights from his extensive background in intelligence and highlights the misconceptions surrounding InfoStealers, including their impact on both personal and business security. The conversation also covers best practices for avoiding infections and the resources available through Hudson Rock to help individuals and organizations protect themselves against cyber threats.

Chapters

00:00 Introduction to Cybercrime and InfoStealers
02:48 Understanding InfoStealers and Their Impact
06:00 Leonid's Journey into Cybersecurity
09:11 The Role of InfoStealers in Cybercrime
11:55 Business Email Compromise and Social Engineering
14:56 Delivery Methods of InfoStealers
17:58 The Dark Web and Cybercrime Operations
21:06 The Importance of Cybersecurity Education
23:51 Misconceptions About InfoStealers
26:52 The Difference Between Data Breaches and InfoStealers
29:55 Best Practices to Avoid InfoStealers
32:59 Hudson Rock's Tools and Resources
35:55 Final Thoughts and Future of Cybersecurity

Exposing Information Stealers. Protecting Identities Online.

Interview with Malware Protection expert Leonid Rozenbergwith Hudson Rock (hudsonrock.com) on exposing information stealers, protecting identities online, hackers who sell vulnerabilities, how to know if your identity is stolen, how to know if youve been breached, how to protect against infostealers, how to protect against online credential theft, how to protect your devices from cyber attacks, how to reduce risk of your identity being stolen, how to stop initial access brokers, hunting down identity thieves, identity thieves, information stealers, infostealers, infostealers 2024, initial access brokers, latest ways hackers are stealing your info, protecting against hackers who sell vulnerabilities, what to do if you think youve been hacked, what to do if your identity has been hacked

Podcast guest

Check out Hudson Rock’s free tools are available here - https://www.hudsonrock.com/threat-intelligence-cybercrime-tools

Dino Mauro (00:01.07)
Ever need or want to know if your company has vulnerabilities exposed to cyber criminals and for sale right now on the dark web? Want to receive immediate notification if your email is involved in a breach or infected with an information stealer.

Ever need to search for compromised corporate and supply chain infrastructure? Ever want to discover the password hygiene used by any company? Ever want to know if your employees, customers, users, and partners are compromised? Well, we will show you today is a blockbuster episode like no other, ease. Welcome everyone to Cybercrime Junkies. I am your host, Dino Morrow.

In this episode, we interview a subject matter expert in the field of malware information stealers. His name is Leonid Rosenberg, and he joins us all the from Tel Aviv. Leonid is with the cybersecurity company Hudson Rock. Today, we talk about some new topics never before addressed on our show. Specifically, we show you no cost ways how to know if your identity is stolen.

how to know if you've been breached. We chat about how to protect yourself individually against info stealers, as well as how to protect against online credential theft. We walk you through shocking stories. We will also demonstrate these amazing free tools near the end. So please do us and do yourself a benefit and listen all the way through. And as always, thank you. Thank you.

for listening and thank you for being a cybercrime junkie. Small talk sucks. So let's do.

Dino Mauro (01:58.614)
Join us as we go behind the scenes of today's most notorious cybercrime. Every time we get online, we enter their world. So we provide true storytelling to raise awareness, interviewing global leaders, making an impact and improving our world, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award winning podcast by downloading our episodes on

Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and now the show.

Dino Mauro (02:48.398)
All right, well, welcome everybody to Cybercrime Junkies. I am your host, David Morrow. And in the studio today, we have a very, very special episode. Leonard Rosenberg is joining us from Hudson Rock, remoting in from Tel Aviv. And we're really honored to have him here. They are leaders in the industry of cybersecurity. He's got a fascinating story, a great illustrious...

career and we're really excited about having you here. Thank you so much for joining us today. My pleasure, David. It's a pleasure to be here on your podcast. Thank you very much for inviting me. that's fantastic. So first, let's talk about, let's give everybody kind of a high level overview of your current role. And then I want to dig in and unpeel that a little.

Yeah, so my current role is HotStore Rock and HotStore Rock is a cybercrime intelligence company and we do only one and single thing, we deliver the intelligence from the infected computer by the Infosteal malware. And my role in the day is to work with our clients and the people that are interested in this product to explain them on a technical level what is the Infostealers. But in my free time...

I'm happy to join what is like your podcast and speak with the wide audience in very simple language to help them understand what is the Info Studio thread, what is actually is doing and what are kind of potential, you know, damage that it can done to your as a person or you as a company. So basically, HotS for Rocker have two positions, one more technical and one more community oriented. that's fantastic. And so the

intelligence that you guys provide, meaning we've talked about it a lot on the show. And that is, you know, just to, to do a simple analogy, like to dumb it down for people like me, right? Like, you know, if organizations all have firewalls, right. And all of those, they need that. They have antivirus. They need that. We're not saying don't do that, but that's like having a really good front door, right? But by having the

Dino Mauro (05:06.986)
intelligence and knowing the modus operandi and seeing the way the, the tactics and techniques and processes that are being used from like all the information you guys gather, we're able to see a lot more than just building a strong front door at our house, right? You're able to know, Hey, guess what? In the early morning hours, every single Wednesday morning, somebody is breaking in to other houses in this neighborhood.

through the laundry room window, right? And so that way, you know, you can take actions. You keep the front door. We're not saying leave your door open, but you know, Wednesday, early mornings to have a light on over there or to make sure that part of your house is doubly protected, right? And it allows people to act to take action with intelligent, like intelligent insight. I know that's a really, really simplistic,

analogy and those in the cybersecurity field are probably like rolling their eyes. But I mean, our audience are a lot of non-technical business owners, right? And business leaders. And so they just want it kind of explained in plain terms. Yeah, of course. So I've explained it in a very, very simple language. So basically the info stealing malware is a type of malicious software that designed to number one, infiltrate the victim system and actually try the sensitive information.

So break in, so let's back up there. I don't mean to interrupt you. just want to, so the InfoSteal, it's designed to infiltrate it, meaning get into your system, essentially undetected, and then exfiltrate it, which is that fancy word for steal it, right? Like to get it out of your system so that they can have a copy of it or have possession of it. That's correct. And here I want to emphasize something about undetected.

So yes, one of the main goals of the InfosTheater is to remain undetected. And if you ask me what is the best kind of InfosTheater, those remain undetected. But we also see the case when there is detection of the antivirus on the system that basically says to the person that hey, this is some kind of malicious software, you should stop using that. And the person goes and disables the antivirus and runs this file again. Okay. So this is something very important to understand that

Dino Mauro (07:29.654)
Even you can have a few layers of security in your company or in your business or as a private person, you will still have this human factor that will say, I still want to double click on this file and I don't care about any kind of certification. So this is one of the problems. you're saying so then the human, the social engineering part comes in, which overrides the technical precautions that they have.

Of course, later when we're going to discuss how this malware is delivered to the end victim, you're to see that most of the delivery methods are combined with the social engineering techniques and they basically leverage the human factor that will push the person to click on this file because to initiate the info stealing malware attack, you need to do something as an end user. It doesn't know how to run by itself.

but somebody needs to click on this file. So everything here is also combined with the social engineering techniques that basically tell you some kind of story that right here and right now you need to do something. And then of course you will double click on something that you should not double click. That's exactly right. So let me ask you this on a personal level, personally, not your professional life, but personally, why do you do this? Like what, what is it about cybersecurity?

that gets you all fired up and makes you want to do this for your living. Did you always want to fight crime when you were a kid? Did you want to be Superman or Batman when you were a kid? Actually, no and no. But I'm doing intelligence for almost two decades already. Yeah, and a little bit about my background. As I said, I'm doing different types of intelligence roles.

You were with the Israeli Defense Forces and the Israeli National Security Agency, right? That's correct. Yes, I started. That's pretty impressive. Yeah, that's powerful stuff. Thank you. Yes, I started like every Israeli citizen, my mandatory military service at age 18. So I spent some time in the Israeli Defense Forces and then it was a very smooth transition to the National Security Agency. And you see, at some point,

Dino Mauro (09:50.382)
I decided to make a switch from the real life intelligence to a cyber intelligence. Because I was well, they're related in a lot of ways too, right? Like this, some of the processes are similar, right? It's, it's about securing and digging in and finding the vulnerabilities and shoring, shoring those up, but it's digitally. That's correct. You describe it in very, very correct way. It's the same tactics and techniques, but

not in a physical way, but in a digital way. And this is the reason that in the cyber intelligence, we use the same keywords, like a host in open source intelligence, web intelligence, human-based intelligence, but again, we do the same back in the digital. That's amazing. where is Hudson Rock? I see a lot of info on Hudson Rock, but I live in this world. But where is Hudson Rock based?

and what type of organizations do they help support? Any business, any industry, and almost in every country. This is how I describe the business activity of the Hudson Rock. Because the InfoStilo threat is relevant literally for everyone. Because the way how the InfoStilo spread, they can affect again, any business in any industry and almost in any.

Our InfoStealers, that's phenomenal. I want to talk about the InfoStealer for a second. So the InfoStealer malware, I don't need to get into the history of it or where it where it comes from, but is it launched part and parcel with other attacks? Meaning, do they use an InfoStealer along with their ransomware campaigns or their ransomware as a service campaign?

Or is InfoStealer or various forms of it part of some of the other ransomware as a service groups like the LockBits or the Black Cats back in the day and stuff like that? This is perfect question because InfoStealers, this is some kind of part of different kinds of cybercrime monetization chain. Yeah, that's what I thought. It's part of the whole supply chain of an attack, right?

Dino Mauro (12:16.286)
Exactly, exactly. What InfoStealers basically allow to the cyber criminals, to the attackers, is some kind of initial entrance to the company or to some kind of account. And basically from there, from this point, the attackers can decide what they are willing to do. So when they have access that is originated from the InfoStealer attack, they can decide, okay, I can deploy here ransomware and probably from here it will go to the ransomware gang and they know how to do this job.

Unfortunately, And then maybe you can decide, all right, this company is very interesting. Maybe I can conduct here as Tiger Espionage. So I will don't do anything. will just, you know, quite quick. Right. Just gather information. Right. And I think that so many people don't realize that they assume if I click a link or I get socially engineered that my desktop computer at work or something is going to like blow up, like it's going to have all this stuff and

And oftentimes when we see the post mortems done, the forensics, et cetera, after a breach, they were inside for a long time, creating, just gathering up evident, like information, creating back doors, just doing things undetected for quite a while. And sometimes they don't even launch. They just gather up info and then leave, believe it

Yeah, that's correct. And if we speak about a little bit next level, and not about the side of criminals, about the APTs, like nation state actors, they also use data from the info stealers, but they're not willing to do immediate damage. For them, it would be more interesting to stay inside the company for a little bit more time, for even sometimes one year or two years. And you have different scenarios that...

As I said, one of them will deploy the ransomware. One of them they will use for the cyber espionage. And let's talk about the business email compromised. Yeah, this I can hijack somebody like a high level executive email and then. Right. And then impersonate them. then that's a, they're so the business email compromise is so effective, right? Because it looks like it's coming from your boss. They can create a thread jack, right? Where.

Dino Mauro (14:38.562)
where when you look at the thread and you get this email from your boss, you look down and it looks like your boss was talking to maybe like, this might be the president of the company who was talking to your boss and your boss approved that you do this thing. And you see it all in the thread, even though it's all made up, right? Exactly. And you said it looks like it's coming from your boss. It's actually coming from your boss because there is no email, there is no spoof of any kind of, it's not a

phishing that somebody created, you know, look like from the outside coming in, it's actually a compromised account and it is coming from their, their inbox. And we see, of course, of course, and we see a lot of, you know, use cases when you hijack this thread and it's used for some kinds of financial fraud. Like you say, all right, now you need to transfer X amount of money to this bank account and this bank account is not related. It is actually the threat actors, bank account.

So I will summarize the usage of the data from the InfoStars. It is like the initial way, initial point, like a junction to a bunch of other different attacks. And we know for sure, and this is what we see as hot to rock on the dark web cybercrime forums, that threat actors continuously come and open threats and say,

I'm looking for a specific kind of data. Can you look inside your info stealing repositories that other actors maintain? And they use it for different kinds of attacks. There is something else that is social media account that you can hijack social media. You don't need to damage a company, but you can hijack a Facebook account or maybe a YouTube channel. And gather up Intel.

Right? I mean, that's exactly right. mean, people that are just in regular sales and marketing and business roles can understand that because when they're trying to gather up information on an ideal client that they want to decide to reach out to, right? They, they gather up information. They want to know all the things about these people. Right? And that's exactly what the cyber criminal

Dino Mauro (17:01.75)
element will do as well. So the the primary methods in which infos dealers are deployed, meaning the ways that a cyber criminal group will use infos dealers and attack regular people right at an organization. can think there's several aren't there there's clearly phishing business email compromise taking over an account, they can do it through

like ads too, right? Like when there's ads on Facebook or Instagram, people click on them because they look too good to be true and you want to read more. Isn't there, can't there be malware on the back of those ads sometimes? That's correct. And there is a few more of them. And I would like to elaborate about each one of them, because this is the part of the education that I'm trying to advocate to, to everybody, to all the audience, because I believe that

In 2024, this is not enough to say, okay, you have a suspicious link, don't click on it. All right? Right. It was good like 10, 15 years ago. And then we saw the transition that the education went in the direction as, okay, don't click on this link because it will steal your password. But I believe that in 2024, you need to hear what I'm going to tell right now about the delivery methods of the InfoSteers to understand the whole picture, how it's done, because

next time that you're going to see something that is too good to be true or something that I will talk about this in a second, I hope that somewhere in your mind, you will remember my words and say, okay, I remember learning from Huts and Rock talking about this kind of delivery method. Maybe here there is an impulse here and maybe I should think twice or maybe I should contact my security team to understand if it's bad or it's legitimate. Yeah.

So yeah, walk us through those. Yeah. So number one, as you mentioned, this is a phishing campaign. As easy as it sounds, the info steering malware is delivered through completely opportunistic way. They send it to, they, mean, the contractors send it to millions and 10 millions of different people. And this is the reason that this email can land also in small business with 10 people company in the

Dino Mauro (19:27.246)
medium business with, for example, 300 people company and some kind of large enterprise. And this is a typical phishing campaign that you won a lottery, that you have a free vacation and you name it. And we've talked about it on this show because we've gone on the dark web thousands of times and there are platforms there that these groups use that are phenomenal. Like they track the campaigns.

just like a Salesforce campaign that businesses would use. They track what messages, how many opens, how many clicks, all of that. I mean, it's remarkable the level of sophistication that they actually use. I can even add more that what we see today, and again, in 2024, every dark web service operates like a legitimate company, like a legitimate startup company. They have a product team.

They have a customer success team. They have a sales team. They have a good product. They know what their competitors are doing. And it's not like single person trying to sell something shady. You got there completely like B2B service. And this is the same like in the phishing campaigns. If you want to order some kind of sophisticated phishing campaigns, you will have some fancy dashboard and you will see, OK, it was delivered to this kind of audience.

This is amount of clicks. And, and again, as you told, this is something like a, like a business level operation. So phishing is number one. Number two is the pirated software and something that is mostly you can find on the torrents. So next time that you're going to download something from the torrents, hopefully nobody, nobody is doing that and you obey the rules and you buy the official software. Tritech just know that.

some some popular software like photoshop like premiere some or people want to yeah rather than spend two three four five hundred dollars on that software people will get it for less they'll get the pirated version right that's correct but it's tied the malware is tied to that exactly i'm saying here this yes you are going to save maybe two three hundred dollars but you are going to trade

Dino Mauro (21:53.644)
the saving by compromising all the passwords that you have on your computer. All right? So I suggest to think twice if you want to do this some kind of trade of saving a little bit of money, but giving up all your passwords. Pirated software and also we see Infosterior a lot in the games. Mostly like some mods for the games, cracks for games, and something that, you know,

Each one of us won this unlimited ammo in the game or unlimited health in the game or, you know, jump to walls. It's like a cheat in a game. Like you can buy those cheats for the game that'll jailbreak a game. Yes. And it comes in through that. That's correct. And just imagine yourself how many people today still play games like GTA or like a Fortnite or I'm talking about. Yeah, GTA like

Grand Theft Auto and Fortnite are really, really popular, right? Like they're in almost every household. Somebody is playing those games and they want to get those cheats. They want to get all of the whatever, all of the skins, all of the guns, all of the stuff that's available, all those kind of add-ons. That's correct. What is also interesting at the moment, I'm doing some kind of side step and at the moment of InfoSteal infection,

the InfoSteers know how to take the screenshot of the operating system. So basically, you know what this person was doing at the moment of infection. And eight out of 10 screenshots, somebody is playing Fortnite, somebody is playing GTA, somebody is playing some other games. And you see that one of the tabs on his browser, he was looking for, you know, free skins for the Fortnite.

So pirated software, something else that is also relevant to software, this is actually the fake software. mean, software that do not exist at all. So for example, you have, this is the real example, you have some kind of noise from your fan in your laptop and you are looking for the solution, some kind of software that you can tweak your fan on the laptop to be more quiet. And you can find completely fake websites that will...

Dino Mauro (24:17.184)
Advertisers do completely fake software that most likely will solve your problem and let's face it out, everyone has some kind of fan problem or maybe everyone, sometimes his or her computer is a little bit slow. And you can go to completely fake website to download completely fake software. And the main purpose of all this story is to infect your business tier. Right? Right. Yep.

So this is that. And once it's in the system. So let me ask you this. Once it's in system A, let's say, you know, somebody is working from home, right? But somebody else at the house is going to the website to get some cheaper software, some pirated software, and they download it. They've now infected that machine, but they can escalate privileges and move.

through the wifi and stuff to other locations too, can't they? No, okay. Because the InfoStealers, they operate a little bit in a different way. They infect only one machine and after the infection and they steal the data, they delete themselves. They are not looking to duplicate themselves through wifi or to spread themselves via email. It's not war. So it's not like other types of malware which grow and

try and infect others, generally speaking. Generally speaking, yes. Okay. Interesting. Interesting. So, so fake ads, pirated software, fake websites, things like that, obviously phishing business email compromise. you were talking about social media accounts. Walk us through that. Yeah. And social media accounts. Imagine yourself, you have

You have a legitimate YouTube channel and when I'm able to hijack somebody else YouTube channel or maybe Facebook page or Instagram I can simply change the links in the description. All right, and you know that a lot of you did youtubers say okay Click on the link in the description and you can get like 10 % off of my product So until the infection the link was legitimate

Dino Mauro (26:41.198)
after the infection, try to actually change the link. And then of course, the audience of this YouTube channel, they believe, okay, the trust of this person, and they click on this link. And in effect, they infect themselves with the stear. Right? This is a little bit more interesting way how to spread the malware, but more easy way is simply hijacking this account. So for example, I have a business

page of some kind of Facebook business, page of some kind of business. I simply hijack this and I post, I'm creating a new post that says, send me one Bitcoin and then in 10 seconds I will send you two Bitcoins. And again, even in 2024 people do that. Okay. And people still fall for it. Even in 2024. That's true. Yeah. Yeah. So this is like the two examples of how you can use

hijack social media for a little bit more easy scams and quick win scams and for a little bit more sophisticated, like a link changer type of attack. Now we talk often about like ways to check whether you've been breached and there's websites out there where you can check to see whether your email has been compromised in prior breaches. And people are always surprised whenever they check that because they're like, I didn't even know I was part of this other breach. It's a lot of times often because of

data brokers and your data was sold and your account information was sold to somebody and then they got breached. But checking out sites like have I been pwned is really good. Walk us through like what's the difference between some of the data from info stealers and other third party malware approaches that that are involved or that can be found through have I been pwned? Yeah. So

I just want to explain to the audience that those are two completely used cases. And the common mistake that I always hear from the people that they say, you have those emails and passwords, but I know about them because I have the notification for have I been pwned and I'm tracking my data breaches. Have I been pwned is a great service, but it is a great service for the data breaches.

Dino Mauro (29:02.766)
Please feel free to this is a completely different story and I will elaborate about this in a second. So third party bridge, some kind of stuff that you see on the have I been bond. Since the use case when you take your email, usually with the passwords, but sometimes it's going to just only email and the private information and you use it to register to some kind of third party service. It can be a food delivery service. It can be some kind of travel agency.

or all the data breaches that we hear on the news. And when there is a breach, usually it will contain your email address and hashed kind of a password. It could be like a mask password, like a long, long, long characters of encrypted password. Yeah. So for the tractors, it's a little bit like...

another level of friction that they need to decrypt this password and usually it will not work or maybe the data will be a little bit old and this is some kind of things that you find on the third-party data bridges. When we're talking about the info stealers it basically turns your own computer to the entire separate data bridge and difference number one that all the passwords

that the compromise in the InfoStealer attack will be always, always, always in a clear text version. So there is no such thing as encrypted passwords in the InfoStealer attack. And it means that the threat actor will get all your passwords, emails, and the URLs that are associated with those credentials as is in a clear text. Okay? So that's significant. So I want the listeners to pay attention to that.

Oftentimes in a data breach, they might get some information, but it's going to be hashed, meaning they're not going to, because the people that were holding your information may, maybe salted or peppered the data or hashed it, right? They, they tried to do some type of encryption or some type of hiding should the data be found out later. But with info stealers, they actually find the clear text, exactly what your password is. Is that what I'm hearing?

Dino Mauro (31:26.414)
That's correct 100%. Wow. That's brutal. That's brutal. Yeah. And I also wanted audience will understand how it's actually done. You know, the next time that you will create some kind of account by using your browser, it doesn't matter what kind of browser you are using because stealers know how to steal from all the browsers. You will get this notification if you're willing to save your credentials in password managers. And it's super convenient for everybody.

because you don't need to reuse the same password. I hope that nobody from your audience is doing it, I think, in 2024. We talk about it all the time. People still reuse their passwords. I meet business leaders and business owners all the time who are like, hey, I took your security awareness. You really got me thinking about this. I've got a great password. I tested it. It is a really strong password. I use it on everything. And it's such...

It's such a mistake. And we, but yes, we beat our heads against the wall trying to explain that you need to be using a different password on every single account and to manage those passwords accordingly. So what are you saying about info stealers in relation to password managers or you you're talking about right now is when people keep their passwords in their browser password managers. So people.

keep the passwords inside the password manager in the browser. And a little bit of the technical layer, those passwords are stored locally on your computer in the encrypted way. So by now you can say, all right, happy days, this is encrypted, no problem. But the info-stealers know how to decrypt this file. So this is the reason that even if you use a super complex password, 100 characters,

and complete different passwords to different services, but they are stored inside your browser. The InfoSpeeders will know how to decrypt it and they will get those passwords as is exactly as they stored and exactly as you see them as a user. Okay, so this is the big difference between third-party breaches and the InfoSpeeders. It seems so powerful from a threat actor perspective and the use of

Dino Mauro (33:52.192)
Info Steelers. Let me ask you this just high level. When we hear about these data breaches and these ransomware attacks in the news, what percentage of those attacks involved Info Steelers as part of that? Would you agree? Would you estimate a majority of them? I think the majority of them. Yeah. And there is evidence for that. I don't know the exact numbers. Yes, but

Continuously, I see that actors are asking targeting company X, please take a look inside your info, see your data if you have some kind of remote access to this company. And this is directly correlated with what we spoke right now together because you have an employee of a company that stores his remote access inside the browser.

mixed maybe some kind of business and pleasure on the same computer. So he has his work computer that he downloads skins to the Fortnite and Infofear managed to compromise not only his Facebook account, LinkedIn account or maybe private Gmail account but also take the remote access to his workplace. And then track actors, what they're doing, they're digging in inside this data and they're picking up those juicy remote accesses

And then we see the whole industry of selling remote access in the companies on the dark web forums, mostly on the Russian language forums. And even sometimes the threat actors mentioned that I'm selling access to company X, the origin of the access is from the info steer. All right. So what is interesting here that actually there is even no any kind of hacking inside the company.

the employee infected himself with the malware. Trifecta just found this access and selling it. then they bought the access. so these are essentially, so InfoStealers are also used by IABs, right? Initial access brokers, people that will get the access, not be part of like a, like a Russian ransomware as a service gang necessarily, right? But they will just list it for sale and one of the marketplaces are in their own.

Dino Mauro (36:16.238)
page on the dark web, make two, three, $5,000 and just sell the access that they got from the info stealer. Yeah. Yeah. and that marketplace, that whole ecosystem is what's, what's causing so many things to be so, so much worse. Also something else. ask you this before we move on though. in terms of other password managers, some of the more popular ones, do they operate differently?

than the password managers that like Google has in Google Chrome browser? So the password managers that are not storing the data inside the browser, they have a little bit different type of operation. I don't want to mention specific companies or specific solution because I believe of course not. Yeah, we're not, we're, we're agnostic. So yeah, but, but, everybody kind of knows the big names that are out there. A couple of them have had their own data.

breach concerns in the last year or two, but, but yeah, people are free to choose, but I'm just asking generally those tend to be safer than the ones in the browser. Is that fair? That's fair because in terms of info stealers, I'm just talking within the context of info stealers. Yes, because they operate slightly in a different way, but I want to put some, kind of remark that as you told, they had also some kind of

different security incidents. And I just want to that everybody will understand there is no such thing as 100 % security. Right? Of course. Unbelievable. Unbelievable. What are some of the best practices that people can do to avoid being subject to being infected by an InfoStealer? I mean, clearly, clearly don't fall for don't buy pirated software. Don't fall for, know, always verify should your

boss send something no matter what the thread says, you pay attention to phishing emails because everybody thinks that they can spot them even though everybody keeps clicking on them. What else? can you advise given what you see? I think that everything starts and begins with proper cyber security education. and again, and again, and I didn't even tell you to say that. That's exactly what I would have said, but I didn't even tell you to say that.

Dino Mauro (38:42.796)
That's good. Yeah, yeah, yeah. And so if you know how to start this thread, OK, or if you know how to be a little bit more aware about this thread on what can happen if yeah, yeah, there is a big chance that you're going to wait it. I also want to maybe touch a topic about the misconceptions about the infosteriors because people say OK, I'm for example I'm.

I'm aware about this thread, but I'm using Linux or I'm using Mac OS and I'm safe because there is no viruses for the Apple devices. Yeah. And I think this will be interesting to maybe touch the top five misconceptions about the infant stealers. Yeah. Let's, let's dispel some myths. So I think the myth that Apple devices don't have viruses, that's a myth. Like that's not, that's not factual, right? It just happens to be that of all the computers out there in the public on the planet.

Apple has a very small percentage. So when they're developing malware and stuff, a lot of times they do it for windows or other bases because it's more used in a lot of our enterprises and organizations. Is that fair? That's correct. And until two years ago, the infosteriors were targeting only windows based devices, but that's changed. And for the last two years, we see more and more infosteriors that are targeting Mac OS or Apple devices.

It's a little bit more complicated to run them. like the victim needs to pass through different types of stages, but in they exist. And today there are around maybe four or five of them. And we see more more more infosteriors starting to target the macOS devices. So this is the misconception number one. If I have an Apple device, I'm 100 % safe regarding the infosterior. And unfortunately, the answer here is...

is no. How multi-factor authentication? What protection does multi-factor authentication provide against InfoStealers? And I waited for this question because this is something that they hear for a lot of people that say, all right, my account can be compromised, but I have multi-factor authentication. I will receive the SMS. I will receive some kind of notification in the app and only I have this number and I have this app. So

Dino Mauro (41:08.61)
That's no problem, I'm secured, yeah? When the Infosterior compromised your computer, they not only take your passwords and everything that is stored inside the browser, they also steal your cookies. And I want to explain here that the cookies... Yeah, this is so interesting. Yeah. Walk us through that. Yeah, so when you have a valid cookie, this is some kind of... This helps you...

not to log in again and again and again to sites that you're using. So this is the reason that the next time that you log into your Facebook account, you don't need to type in your password again and again. Because the Facebook see that they have valid cookie that they left on your computer. And this is the reason that every site today says, we're going to plan some cookies on your computer. Please accept this. Yeah? And if you have a valid cookie for the session,

that requires the multifactor authentication, the threat actors can just take this cookie, import their system, and they have a valid session to somebody else's account, and they don't even need to pass through any kind of process because they like hijack this session. Unbelievable. So they're able to log right back in as you after stealing those cookies? Yes. Yes.

Yes. So, this is one of the things we always try and educate people on is when you go to sites, right? Always, always reject all. Is there anything else somebody can do? Like never accept cookies. Always reject all. when it says keep your credentials or keep me signed in to this account, even though it's convenient, people should avoid doing that. Is that a good idea? This is a good idea. This is a good idea to

clean your cookies time to time, but you mentioned the keyword, the convenience. And this brings me to another thing about the Infosterior that people say, like I don't want to deal with signing in all the time and I don't want to deal with clean cookies all again. I keep everything as is because it will not happen to me. Okay. And I hear it a lot, a lot of different people that they say, I hear it.

Dino Mauro (43:32.922)
all the time Leonard, like I literally heard somebody from, I'm not going to say what organization, but this was just, just a few weeks ago and they were bright, intelligent, but they were like, look, we're located in a small town outside an urban area. We feel physically safe. We don't worry about this type of stuff. And I wanted to like bang my head against the wall because I'm like, so then don't go online.

Like as long as you don't go online, you might be safe, but like, I don't think they understand like it can happen to them. It absolutely can. Who do you think it's happening to? Right? Like that's exactly, it's that kind of thought process is why you're being targeted. Right? Yep. Yeah. And I'll jump back to the ransomware cases that sometimes you speak with the

Security managers on big, big, big complex factories and they say, listen, I'm dealing here with the manufacturing really low tech steel pipes, okay, or tubes or some kind of doors to the cars. Who wants to target me? And then somebody, and of course they don't want to invest in the cybersecurity education and then they have the employee or maybe

I even saw the case when there was one computer inside the factory that was used by around 75 different workers. One computer. So you imagine yourself what they do on this computer. Yeah. And then of course, somebody of them most likely will download some kind of malware. And then you have this ransom incident. And because this factory has a really high revenue, now they face that they need to pay a really big

ransom and everything begins with with the wrong mindset that people say but I'm really low tech company I'm doing like you know like something very simple like a plastic plastic glasses like nobody cares about me yeah yeah but that's not true you have w2s you have intellectual property you have customer lists you have all that like we talked about earlier you've been developing your own

Dino Mauro (45:55.658)
open source, intelligent on all the customers you want to go after. Right. And you have all this data and all this information on those people. They want that you have banking instructions, you have wiring instructions, you have invoicing. There's a ton of value even in a small business. Yes. So we covered right now the Apple devices, that they are also targeted by the info fears, about the multi-factor authentication and the cookies.

case and about the mindset. I have two more that I'm willing to share with the audience. Absolutely. And the next one is going to be the antivirus protection. We slightly talked about it in the beginning of our talk, but there's a lot of misconceptions that people say, all right, but I have this antivirus solution. I paid my subscription. I'm safe. Okay.

Or maybe I'm using some kind of, you know, corporate security solution. And again, I paid 350,000 US dollars a year for the subscription. I must be safe for this, this money that they paid. But in fact, most leaders, again, sometimes they know how to bypass those antiviruses. And this is completely different story. This is a very technical and complex story how they do it. Yeah.

but they can bypass antiviruses. And the second case that again, it involves the human factor, you can have a detection, but you have this person that simply goes and disables the antivirus and run this crack or fake Photoshop or something else again, and nobody will save him. And...

The last one is the misconception about the long and complex passwords. People say, and we talked about this also a little bit, I know that I'm supposed not to reuse the same password. This is a good start. But they use a password manager, they generate completely complex password, and they feel safe because every password is different and every password is complex. But as I mentioned, because the InfoStealer knows how to steal this in a clear

Dino Mauro (48:17.58)
text in a plain text, it doesn't matter if you use a complex password with 10 characters, 50 characters or 150 characters. It will still compromise and deliver to the hacker in the clear text. So this is my overview of some kind of misconceptions of some kind of things Yeah, that's really useful. But in terms of passwords,

And things, I mean, really it gets down to raising your own awareness, being educated, right? Being aware of this stuff and then not doing those those practices of going for the cheaper software, going for the pirated version, right? Going to rogue websites, believing in email without independently verifying. It goes into those recommendations, doesn't it? Yeah, yeah.

I think the best way that everyone that will take from this interview, from this podcast, they will know how to spot those attacks. mean, they will know the delivery methods. And of course, you need to be always aware that those delivery methods are relevant for September 2024. Threat actors, they always, always, always trying to find a new and more creative way how to deliver this malware.

If you know how to deliver to you, at least you will have some tips how to spot it and hopefully to prevent the infection. then you there's what does Hudson Rock Hudson Rock has some some tools available, right? That's correct. Tell us about those. That's correct. First of all, on our website, Hudson Rock.com, we have 100 % completely free tools that are open for

everybody, also for the private people and also for the businesses. And in a matter of seconds, you will able to understand and see your exposure in the info stealer attack. today, that's really good. I'll put a link to that in the show notes so that people can can can go to that and the link I'll put in the show notes will not be infected by an info stealer. Yeah.

Dino Mauro (50:39.948)
So imagine those tools like have I been found by for the info steer attack. Okay. So this is number one. And I invite everybody here, go and check your exposure. If you're a business, will able to understand what is the level of your exposure, how many compromised employees, how many compromise third party services that you have.

how many users that are using your platform were affected by this tier. So we show this in a very, very nice way that you will able to understand exactly your exposure and not by saying like, yeah, your domain was in the info tiers, good luck. So this is number one, 100 % free. It will stay free and we invite everybody to check us out. So that's really good. And what I like about Hudson Rock is it's not like,

You have to go through all these hoops to get it. And then you're going to try and sell them a bunch of stuff in order to get the data. No, it's like you're doing it as a public service, which is to me the right thing to do. I even can say more. And the moment that you see that you have exposure and right now I'm talking about the businesses, yes? Right, yes. You can reach out to us and we have an ethical disclosure policy. We will able to give you your own data that you can investigate it.

In-house and you know to do some kind of proper mitigation services. Of course, we have a team that will happy to jump on a call with you Explaining about this infection or basically what happened there how you can solve this And also here 100 % free That's great. Yeah, that's great I'm in Leonard. That's why I'm so impressed with what Hudson Rock does like like doing that service is so

needed today because so often people just get sold. You know, one of the problems I have with the cybersecurity industry is when you go to these conventions, right, you go to the black hats and, and, and, some of these, there's all these companies that are like, if you buy our product, you will be secure. And they make these really, really bold claims. And I'm like, I think we're over as an industry, we've been over promising and under delivered.

Dino Mauro (53:00.876)
right? And I think there needs to be more public service, more just educating people, no strings attached, like, you know, letting them see the risks, like Hudson rock will show them no strings attached, just doing that. Because to me, then you build credibility and now they trust you and now they want to do business with you because they know you weren't being sleazy about it. Right? I think it's awesome.

I think the way you guys handle things is great. The last one, we have the info-sealers.com website. This is our second website, and this is full of different kinds of completely public research that we aggregate also from other companies and we publish to really cool blogs by ourselves. have a really talented research team that is led by our CTO, the co-founder, Alon. And we have a lot of also educational.

Data there again 100 % free. Everybody's welcome to check info Steelers.com. Yeah, info Steelers.com as easy as it sounds. Yeah, that is that is pretty easy. So that's good. I will link that also in the show notes. Leonard, thank you so much. Before I let you go, what did you want to? What did you want to be when you grew up like? know, like here in America we don't have that when you turn 18 you have to.

do two years in the military. When I was that age and I was in school, a lot of my friends were from European countries and other countries and they all had to go back and go serve. And I always thought it would have been a good thing for lot of Americans to have that. But that's what really got you into serving and protecting physically and then you migrated from there into the digital world.

But what did you want to be when you were a kid? You never knew you were going to wind up here, did you? That's correct. Even the day that I went to the military, I even didn't know what I'm going to do. I just show up. Yeah. I mean, that's normal, actually. I mean, there's always those kids that knew, like, I want to be a doctor, even when they're young. I'm like, how do you know that? I wanted to be like a rock star or something else when I was a kid.

Dino Mauro (55:21.742)
Right? Like I had no idea what I was going to do. What I know for sure that I always was passionate about some unique and cool things. All right. Yeah. So this is the reason that I ended up in the dark with research because this is something that is pretty fascinating. I find it. I think it's fascinating. This is unique and this is something that is super interesting is something that is not a lot of people are doing.

And a little bit easy for me because you know, everything that was in Russian, I speak Russian at the native level. So, so. you're able to even understand it and translate it. That's great. That's wonderful. Yeah. Yeah. And I don't have any, no, any issues with the communicators then speaking about the ideology because a lot, a lot of work there. There's what we call the virtual human, the human intelligence. You do undercover engagements with them and Russian language is very. It's very, and there's a lot of dialects. There's a lot of different dialects too.

You can spot immediately if somebody is using all translated yes or no. Yes, exactly That's great. So I think I was always passionate about this unique things and hopefully I will continue my Career in all things that are a little bit slightly different at others. That's awesome. Well, I know Roseburg Thank you so much, sir. Very very grateful and we will have links to the information that we discussed in the show notes

And thank you so much for your time. Really appreciate it. Thank you, David. Thank you. Okay. I'll talk to you soon. Bye bye.

Dino Mauro (57:00.782)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.

People on this episode

David Mauro

Host