惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
U
Unit 42
美团技术团队
NISL@THU
NISL@THU
C
Cisco Blogs
SecWiki News
SecWiki News
N
Netflix TechBlog - Medium
Forbes - Security
Forbes - Security
Cloudbric
Cloudbric
雷峰网
雷峰网
T
Tailwind CSS Blog
博客园 - 司徒正美
The Register - Security
The Register - Security
L
LangChain Blog
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
B
Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Threat Research - Cisco Blogs
I
InfoQ
S
Schneier on Security
L
Lohrmann on Cybersecurity
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Martin Fowler
Martin Fowler
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
TaoSecurity Blog
TaoSecurity Blog
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
Cisco Talos Blog
Cisco Talos Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
D
Docker
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Hacker News: Front Page
云风的 BLOG
云风的 BLOG
Microsoft Security Blog
Microsoft Security Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
Webroot Blog
Webroot Blog
MongoDB | Blog
MongoDB | Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
A CISO
Karen Kent · 2026-06-22 · via Search Security Resources and Information from TechTarget

Infostealers aren't new. But what is new is that almost anyone -- regardless of skill -- can now deploy the malware. Update incident response plans to safeguard your operations.

Infostealers do exactly as their name implies: The malware secretly steals sensitive information, such as passwords and financial information, from user endpoints and then transfers that information to a location selected by the attacker.

Infostealers have become far more prevalent in recent years, underpinning dark web markets where attackers actively buy, sell and trade the sensitive data they acquire. Unlike ransomware, where attackers draw attention in hopes of soliciting ransom payments, infostealers do their thievery in silence.

Let's examine how infostealers work to provide CISOs, security leaders and practitioners with infostealer prevention and detection recommendations.

How infostealers work

Infostealers typically employ a botnet architecture. Under a malware-as-a-service model, attackers essentially rent or subscribe to infostealers, configure them as desired and then launch attacks against endpoint targets. Attack methods vary widely, ranging from phishing attacks and malicious links to social engineering and silent drive-by downloads.

Successful attacks infect user endpoints, which then become bots themselves, providing bad actors with command-and-control capabilities. Some infostealers do more than just steal data -- for example, installing additional malware.

Infostealers aren't new. Malware has been stealing data for decades … What is new is how easy it has become for anyone, regardless of skills, to use infostealers at scale.

Attackers primarily seek user credentials, including usernames, passwords and secret cryptographic keys. They might also look for crypto wallets, bank account information and other financial data. Other common targets include:

  • Documents, spreadsheets and other files containing sensitive information.
  • Web browser history, cookies and autofill values, such as saved passwords and credit card numbers.
  • Technical information about the endpoint itself, its OS and its applications that can help attackers to plan future attacks.

How to respond to an attack

Infostealers aren't new. Malware has been stealing data for decades, and the methods infostealers use to infect endpoints, such as phishing and drive-by downloads, aren't new either. What is new is how easy it has become for anyone, regardless of skills, to use infostealers at scale. As a result, organizations are likely to face an increasing number of infostealer attacks.

Enterprise incident response plans and procedures should already address the gamut of infostealer attacks. However, considering their frequency and impact -- such as enabling access to admin accounts and decrypting and stealing sensitive information -- it is worth reviewing incident response programs with infostealers in mind. For example, investigate how the organization would respond to a widespread infostealer attack affecting many endpoints simultaneously. Adjust processes and priorities as needed to reflect the significance of infostealer attacks. And be sure to include infostealer scenarios in incident response tests and exercises.

How to detect and prevent infostealers

Detecting and preventing infostealers requires using all of the tools designed to safeguard your operations, including the following:

  • Train users on cybersecurity basics, especially cyber hygiene and acceptable use.
  • Use antimalware, antiphishing and antispam technologies on endpoints and on network-based devices to prevent infostealers from reaching endpoints and being installed.
  • Keep all endpoints fully patched, properly configured and hardened to minimize their attack surfaces and their exploitable vulnerabilities.
  • Continuously monitor all endpoints, email servers, networks and other associated systems for the presence of infostealers and infostealer command-and-control communications.
  • Enforce the principle of least privilege.
  • Use allowlisting/denylisting technologies on endpoints to restrict which applications can be executed.
  • Constantly monitor endpoint logs and cybersecurity technology logs to identify signs of attempted and successful infostealer installation and use.
  • Avoid using passwords only for credentials; instead, require MFA or other stronger authentication factors.
  • Encrypt sensitive information at rest to make it more difficult for infostealers to access.
  • Consider prohibiting the use of web browser autofill features, which could make it easier for infostealers to access passwords, financial account numbers and other sensitive data.

    Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.

    Dig Deeper on Threat detection and response