Many small or medium-sized businesses (SMBs) rely on password managers to simplify and secure their authentication processes, but these tools are now under attack. A recent study revealed a startling rise in malware targeting password managers, with cybercriminals adapting their tactics and growing more sophisticated by the day.
The rising threat of infostealers
Infostealers, also known as information stealers, are a type of malware designed to hijack and transmit sensitive data from a victim’s computer. They can come in many forms, such as keyloggers or spyware, but their main goal is to collect login credentials and other valuable information.
The study by Picus Security uncovered alarming growth in infostealers designed to target credential stores, including password managers. By analyzing one million malware samples, researchers confirmed that 93% of malicious actions use just 10 common hacking methods.
Why are password managers a prime target? Their centralized nature makes them convenient for users but equally appealing to cybercriminals. By breaching just one password vault, attackers can gain access to a wealth of credentials across multiple accounts and platforms.
Malware in action: RedLine and Lumma Stealers
Two notorious infostealers leading these attacks are RedLine Stealer and Lumma Stealer, each targeting victims in unique ways.
- RedLine Stealer is often spread through phishing attempts or fake websites. It specializes in extracting data from web browsers, email applications, and other credential storage locations.
- Lumma Stealer operates as a Malware-as-a-Service (MaaS), allowing criminals to rent the malware and use it to steal payment credentials, cryptocurrency wallets, and other sensitive information.
Malware tactics are changing. With operating system defenses improving, old methods such as credential dumping are less effective. Modern infostealers now target weaker but valuable areas, such as password managers.
The dark web surge
The stolen credentials don’t just stop with the initial hacker; they often end up being posted for sale on the dark web. Initial access brokers profit by reselling credentials that give hackers easy access to enterprise systems. These stolen credentials are then used in major ransomware attacks.
Why password manager attacks are increasing
Cybercriminals are adapting their tactics to target password managers for several reasons, including their effectiveness and ease of execution.
- Minimal skill requirement – Most infostealers only need basic user-level access to scrape stored credentials, making attacks fast and easy.
- Automation – Many attackers leverage automated tools to extract information, streamlining cyber theft.
- Password reuse – If businesses use repeated passwords across accounts, stolen credentials can lead to broader credential stuffing attacks, exposing an entire network.
For SMBs, such attacks can be devastating, resulting in operational disruptions as well as financial losses and reputational damage.
Protecting your credentials with secure technologies
SMBs must take decisive action to protect themselves from these growing threats. Here’s how you can stay ahead of attackers and secure your password management systems effectively.
- Adopt zero-knowledge encryption password managers. With zero-knowledge encryption, even if the vault is breached, no one can read the stored credentials.
- Enable multifactor authentication. Do this across all user and administrator accounts, making it harder for hackers to gain access.
- Train your users. Educate employees about phishing attempts and other malware entry points. Teach them to recognize suspicious links and avoid downloading attachments from unknown sources.
- Regularly update software. Make sure all software, including operating systems, browsers, and password managers, is updated with the latest patches to minimize vulnerabilities.
- Review logs for unusual activity. Monitor activities in password managers and look for suspicious access or login attempts outside regular patterns.
Password managers are indispensable tools for managing multiple accounts safely, but they’re not invincible. For SMBs, proactive security measures should be part of a broader strategy to strengthen operations against emerging threats.
Safeguard your business from various threats — contact our security experts to get started.
