Home - Article

Featured Article

April 09, 2024

SpyCloud Report Urges Vigilance as Malware Fuels Data Breaches

Consumers and businesses alike face a growing threat in the digital age:

Data breaches.

These incidents expose sensitive personal information and put individuals at risk of identity theft and financial fraud. To understand the scope of the problem and the evolving tactics of cybercriminals, cybersecurity firms regularly analyze data breaches and compile their findings.

One such report, the annual Identity Exposure Report from SpyCloud, sheds light on the concerning trends in data breaches.

The report found an increase in exposed data, with researchers recovering 43.7 billion distinct identity assets in 2023. This is a troubling jump compared to 2022, where only 8.6 billion records were found exposed. Even more concerning is the surge in sensitive personal details. The report found over 32 billion records containing things like names, phone numbers and even Social Security numbers, which is nearly four times more than the previous year.

This increase highlights the growing threat of identity theft and the importance of protecting personal information.

The report also highlights how stolen data empowers criminals. Researchers analyzed exposed identities on the black market and found the average identity appeared in nine breaches and was linked to 15 breach records. This data empowers criminals to commit account takeover, fraud and ransomware attacks.

So, what is a big key factor in the rise of identity-based attacks?

Oh right, the proliferation of malware.

SpyCloud found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were linked to infostealer malware. This malware can steal a vast array of data, including session cookies, API keys and even cryptocurrency wallet addresses, allowing criminals to bypass security measures like MFA and hijack user sessions.

SpyCloud also found that there is a growing threat of mobile malware. Researchers recovered 10.58 million mobile records exfiltrated by malware between August and December 2023.

This should be concerning for businesses, even those in New York and Connecticut, because compromised mobile devices can expose a wide range of sensitive data, like login credentials, personal messages and even business documents. This stolen information can be used for identity theft, blackmail or further attacks on the victim's network.

Infected devices can also disrupt daily operations. Malware might interfere with critical apps, drain battery life or even render the device unusable. This can be a major inconvenience for individuals and a serious productivity drain for businesses.

Perhaps most damaging is the potential reputational harm. Data breaches and operational disruptions can severely damage an organization's reputation. Customers may lose trust if they believe their personal information is not secure. This leads to lost business and a tarnished brand image.

“Cloud applications, mobile devices and online services have become essential to both our personal and professional lives. When you consider the vast amounts of information that we put online and the likelihood of that information ending up in the wrong hands, our digital valuables have evolved beyond traditional credentials," said Damon Fleury, Chief Product Officer of SpyCloud. "Threat actors are linking together identity records from hundreds of sources to impersonate their victims, making it extremely difficult for platforms to differentiate between legitimate users and criminals."

To combat this threat, a layered approach is crucial.

Firstly, strong technical measures are essential. Up-to-date anti-virus and anti-malware software act as a first line of defense, while firewalls filter network traffic. Regularly patching software and encrypting sensitive data further bolsters security.

Businesses should also train employees to recognize phishing scams and avoid suspicious links. Regular training and simulated phishing attacks can test employee preparedness. Additionally, limiting employee access to only the data they need for their jobs minimizes potential damage from a breach.

Another step is to implement endpoint detection and response systems continuously monitor systems for unusual activity, while regular data backups and a disaster recovery plan ensure a swift response to an attack.

All in all, the fight against malware will not go away. Businesses everywhere must constantly evaluate their security posture and adapt their strategies to the tactics of cybercriminals.

Edited by Alex Passett

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.


Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...



Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...



Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...


Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs

Contact us Now!