{"id":3265,"date":"2025-10-17T13:55:02","date_gmt":"2025-10-17T13:55:02","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/10\/17\/security-teams-must-deploy-anti-infostealer-defenses-now\/"},"modified":"2025-10-17T13:55:02","modified_gmt":"2025-10-17T13:55:02","slug":"security-teams-must-deploy-anti-infostealer-defenses-now","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/10\/17\/security-teams-must-deploy-anti-infostealer-defenses-now\/","title":{"rendered":"Security Teams Must Deploy Anti-Infostealer Defenses Now"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Infostealers are driving today\u2019s ransomware wave and stealer logs can be bought for as little as $10 on the dark web.<\/p>\n<p>At ISACA Europe 2025, Tony Gee, a principal cybersecurity consultant at 3B Data Security, urged security teams to deploy tactical defenses to protect against infostealers.\u00a0\u00a0<\/p>\n<h2>Evolution of Infostealers<\/h2>\n<p>Since the early 2000s infostealers have become a common weapon in the arsenal of cybercriminals to gain initial access to targeted systems, with the emergence of keyloggers such as Zeus and SpyEye.<\/p>\n<p>Around the early 2010s, new infostealer families like Vidar, Trickbot and Emotet, began integrating the capability to extract cryptocurrency.<\/p>\n<p>Now, a wide variety of new infostealers frequently appear with different features and capabilities, expanding a market that has largely been dominated by LummaC2 and Redline.<\/p>\n<p>Today, stealer logs (the output that infostealers produce) can be found for sale for as little as $10 on some Russian-language dark web marketplaces, according to Gee\u2019s research.<\/p>\n<p>The security consultant argued that the best way to defend against infostealer infection is through specific technical security controls.<\/p>\n<p>\u201cThere are basic controls that you can implement, of course, such as adopting a zero trust architecture, ensuring a good password policy and robust network segmentation that includes separating privileges and provide security awareness training,\u201d he said.<\/p>\n<p>However, these alone are not sufficient to prevent infostealers. Gee provided six additional technical controls organizations should implement.<\/p>\n<h2>Top Six Technical Measures to Mitigate the Infostealer Threat<\/h2>\n<h3><strong>Regular Password Changes<\/strong><\/h3>\n<p>Although frequent password changes can be burdensome, they are an efficient measure to mitigate the impact of credential theft and infostealer infections.<\/p>\n<p>\u201cThe passwords that gets exposed in the stealer logs will then be changed by the time that someone comes to use it,\u201d Gee explained.<\/p>\n<h3><strong>FIDO2-Enabled Multifactor Authentication<\/strong><\/h3>\n<p>Multifactor authentication (MFA) with a FIDO2-enabled technology is also \u201cstrongly recommended\u201d against infostealers, especially for users with administrator privileges.<\/p>\n<p>Gee argued that such a security measure will make it harder for a threat actor to sign in to systems and services, even with comprehensive logs on the user which have been stolen through infostealer malware.<\/p>\n<h3><strong>Forced Authentication<\/strong><\/h3>\n<p>The \u201cforce authentication\u201d process refers to a policy where security teams require staff members to re-authenticate every time they try to gain access to somewhere sensitive within company systems or on the internet.<\/p>\n<p>\u201cIt means that, instead of just using cookies to just rinse your entire domain, you have to step through multiple authentication steps,\u201d Gee explained.<\/p>\n<h3><strong>Session Token Expiration<\/strong><\/h3>\n<p>Security teams ought to shorten the lifespan of authentication tokens, Gee also recommended.<\/p>\n<p>\u201cThis method should be especially implemented for bring-your-own-device (BYOD) situations. One of the companies I work with has all cookies expire every day. It makes it really annoying to log in every day, but it&#8217;s very secure.\u201d<\/p>\n<h3><strong>Cookie Replay Detection<\/strong><\/h3>\n<p>Another of Gee\u2019s recommendations is for security teams to implement cookie replay detection processes on the browsers used by their workforce.<\/p>\n<p>This security mechanism identifies and blocks fraudulent attempts to reuse stolen or intercepted session cookies (e.g. in replay attacks) by tracking cookie usage patterns, timestamps or unique identifiers.<\/p>\n<p>It helps prevent unauthorized access by ensuring cookies are used only once or within valid contexts.<\/p>\n<h3><strong>Suspicious and Impossible Travel Monitoring<\/strong><\/h3>\n<p>Finally, Gee recommend security teams to deploy an automated security system that monitors connection locations and provide alerts for \u201csuspicious or impossible travel.\u201d<\/p>\n<p>\u201cThis is when people are logging in twice from two different geographically located places in a short period of time, for instance. That\u2019s an indicator of suspicious activity,\u201d he concluded.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Infostealers are driving today\u2019s ransomware wave and stealer logs can be bought for as little as $10 on the dark web. At ISACA Europe 2025, Tony Gee, a principal cybersecurity consultant at 3B Data Security, urged security teams to deploy tactical defenses to protect against infostealers.\u00a0\u00a0 Evolution of Infostealers Since the early 2000s infostealers have<\/p>\n","protected":false},"author":2,"featured_media":3266,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3265","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3265-7f33c411-294b-4ac4-b3ef-ef710f3fc8eb-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3265"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3265\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3266"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}