The $100 Infostealer Threat That is Devastating Companies

By Staff

Vakaris Noreika, a cybersecurity expert at NordStellar, recently highlighted how bad actors can buy leaked data that can lead to a devastating, million-dollar security breach for as little as $100.

In 2024, the average data breach cost was $4.88M, an increase of 10 percent since 2023. As the financial ramifications of confidential information leaks have reached record highs since the height of the pandemic, Noreika says that businesses should be especially vigilant about the looming infostealer threat. Infostealers are malware designed to infiltrate systems and devices and steal personal data. They can collect various information, including credentials, cookies, financial details, and even miscellaneous files on a compromised device, like photos or documents.  

“Infostealers have been a significant cybersecurity concern for years due to the impact of their attacks. They’re quick, easy to spread, and highly efficient, and anyone can become a target,” says Noreika. “Usually, their attacks are random, but in some instances, cybercriminals can also use infostealers for targeted strikes.”  

Low Cost, High Reward 

Noreika explains that infostealers are spread through phishing emails, malicious advertisements, and other scams that involve a victim accidentally downloading malware. Once the infostealer has access, it collects all available data and compiles it into a stealer log, which houses emails, passwords and other valuable information. These stealer logs are sold on the dark and deep web as well as Telegram channels.  

“Dark web users can purchase stealer logs by subscribing to a private channel. The average price for a weekly subscription is around $81, and the monthly subscription is about $200,” explains Noreika. “Typically, cybercriminals can buy 16 gigabytes of personal information for just $1.” 

 

Screenshot from a dark web forum selling stealer logs. Source: NordStellar 

How Hackers Use Infostealers to Target Companies 

According to Noreika, the stealer logs contain the personal information of all individuals compromised by infostealer attacks, indicating that the victims are a broad mix of users rather than specific individuals. Bad actors buy these stealer logs to commit identity theft, empty bank accounts, or use the obtained personal information to carry out more personalized scams against the victims for financial gain. However, finding credentials linked to a business is the ultimate hacker jackpot.

“If an employee’s credentials happen to end up in a stealer log, hackers can easily identify the company by checking the email domain and use those credentials to infiltrate an enterprise’s network,” says Noreika. “Once the cybercriminals are inside the network, they can steal more valuable data, like personal client information, company secrets, and other confidential documents, or shut down their operations and ask for hefty payouts to get them running again.” 

Alternatively, hackers can purchase infostealers as a service. Instead of buying confidential information that was previously stolen by other infostealers, cybercriminals purchase notorious malware like RedLine or LummaC2 to deploy as they see fit.

“The subscription fees for infostealers as a service vary — they can be as low as a couple of hundred dollars or cost over $1,000. The end price depends on the functionality, efficiency, and complexity of the infostealer,” says Noreika. “By purchasing infostealers as a service, cybercriminals gain full control over how and where the malware is deployed, enabling them to conduct highly targeted attacks. This poses a serious risk to businesses, which are much more attractive targets than individuals as successful attacks can lead to significantly higher financial gains.” 

Screenshot from a dark web forum selling infostealers as a service. Source: NordStellar

To safeguard against infostealers, Noreika suggests businesses focus on their employees, the first line of defense, and build a comprehensive cybersecurity strategy that still holds if an employee makes a mistake.

“It’s necessary to ensure that employees are aware of how infostealers are distributed and refrain from interacting with suspicious emails, visiting malicious websites, or downloading unauthorized files that can contain malware,” says Noreika. “However, some user error is inevitable. If an employee slips up, a strong cybersecurity foundation, consisting of an antivirus solution, multi-factor authentication, strict network segmentation policies, and active dark web monitoring for company or employee data leaks, will ensure the business stays protected.”
