The Phish Bowl

Infostealers & the Evolution of Cyber Threats to North America

LastPass Season 1 Episode 3

Mike and Steph break down the latest cyber threats impacting North America, with a focus on the growing prevalence of infostealer malware and IT worker schemes. They’re joined by Principal Intelligence Consultants Grayson North and Justin Timothy from GuidePoint Security to explore how these tactics are evolving and what organizations can do to stay ahead. It’s a deep dive into deception, and trust us, you’ll want to keep your fins on this one.  

🔗 Read our blog to learn more about the work we're doing with GuidePoint Security: https://blog.lastpass.com/posts/joint-report-lastpass-guidepoint-security-infostealers 

🔗 https://info.lastpass.com/threat-reports - Looking for more threat intel? Download our monthly threat report for deeper analysis, regional stats, and expert insights.

Mike Kosak 

00:05 - 00:10 

Welcome to The Phish Bowl. We are your hosts. 

I'm Mike Kosak. 

 

Stephanie Schneider 

00:10 - 00:11 

And I'm Stephanie Schneider. 

 

Mike Kosak 

00:11 - 01:22 

And each month, we'll be taking a plunge into cybersecurity threats, from nation-state activity to cybercrime trends and general cybersecurity issues that we're tracking as cyber threat intelligence analysts. 

We're gonna be doing this every month and rotating through different regions doing a regional threat overview. Last month, we started with Europe. 

Before that was the Asia Pacific region. So please check out these episodes if you're new here and haven't already had a listen. 

And then we'll be starting that over next month. So next month, we'll be doing APAC. 

So that'll be a recurring recurring pattern for us. Speaking of patterns, for this month, we are looking at North America and North Korean IT worker schemes and really sticking with the North theme for our special guests. 

We've got Grayson North and Justin Timothy, who are principal threat intelligence consultants at GuidePoint Security. And we're gonna be talking to them today about their cyber criminal research with a deep dive on Infostealers, that is actually drawn from a joint blog post that we did together with them, which was a ton of fun. 

We had a lot of fun writing it. So, hopefully, you all have a lot of fun reading it or at least learn something. 

 

Stephanie Schneider 

01:22 - 02:01 

It's one of our favorite things to talk about, so I'm I'm really excited to to talk to them. But, Mike, before we dive into the fun stuff, I know that last episode, you shared a fascinating fun fact that I had never heard before about getting struck by lightning. 

I wanna see if you'll play along again and do a kind of a fun get to know you with our audience since we're still relatively new. I wanted to ask you if you have, like, any hot take that you feel very strongly about that probably a lot of people would disagree with. 

 

Mike Kosak 

02:01 - 02:46 

Yeah. I mean, it's tough to tough to top getting hit by lightning. 

But, you know, I think I guess I'll just lean into my my role that I have grown into as a Generation X misanthrope and, and start out by saying, I think in retrospect, I think Alice in Chains ended up being the best grunge band that came out, better than Nirvana, better than Pearl Jam. I know that's certainly a niche, niche opinion, but it is a hot take. 

I have had a lot of heated debates about that, we'll say, in my day, which probably also shows what a dork I am. You really outed yourself as a Gen Xer and a nerd, with your musical taste. 

I appreciate it. 

 

Stephanie Schneider 

02:46 - 04:21 

I actually, on the music note, my hot take and I feel like a lot of people would agree with me on this one, but I you influenced me to watch KPop Demon Hunters. Even though it's a kiddie movie, I thought the movie was pretty good, but the songs are a bop. 

And, like, I cannot get them out of my head. It's it's really fantastic. 

So let's let's kinda pivot and talk cyber threats, which is what we're here for. So today, let's we'll start with regional threat activity trends that we're seeing in North America. 

Just a few things I think stand out that I thought were worth doing a little bit of a deeper dive into here, and one of those is ransomware. The US, by far, was the most targeted country by ransomware in 2025, like, significantly more than any other country. 

The US had over 2,000 attacks, and Canada came in second place and only had 249 attacks. So just a huge discrepancy. 

And GuidePoint also published a report looking at ransomware attacks just at quarter two of this year, and their findings back this trend up too. About 50% of ransomware attacks targeted the US. 

 

Mike Kosak 

04:21 - 07:09 

Just this week, I know Lovesac was hit with a ransomware attack. A few weeks ago, Erie Insurance was hit. 

So, this is obviously still just as as pervasive as it's been for the last few years. And that coincides with with the other thing we wanted to call out, which was, the cost associated with data breaches. 

So, like, for instance, ransomware, but other data breaches too in general. So IBM just came out with their cost of a data breach report. 

There's an interesting juxtaposition between the United States and the rest of the world, actually, when it comes to cost of a data breach that's that's worth calling out. So IBM actually found that the cost of a breach grew to more than $10,000,000, driven largely by steeper regulatory penalties and and rising detection and escalation costs. 

But this is, in in this is, out of step with the rest of the world where, actually, costs fell. So, about a 9% decrease over the last year in the rest of the world. 

So, you know, while the rest of the world is seeing decreasing costs and those they they IBM associates with organizations becoming faster at identifying breaches, developing their own organic response capabilities. So an interesting bifurcation in trends there between the US, who's seeing an increase in costs, and basically the rest of the world that's seeing the the the cost go down. 

Sticking with the North theme, the North remembers here, we're gonna move on to North Korea now and the North Korean IT worker scheme. For those who aren't familiar, what this is is North Korea's efforts to infiltrate primarily Western tech companies and and crypto-related companies, basically IT companies, their workforce with North Korean workers for the purpose of, one, gaining access to intellectual property, and, two, siphoning up all of that salary money and then sending it back to the regime. 

So that's the the the primary goal of it. And and the way they do this is, by, by creating laptop farms usually working with some sort of coconspirator within the country they're targeting. 

So they'll stand up a laptop farm with, like, 80 to 90 computers or more. That will be the physical presence in country. 

They'll set up some sort of fictitious identity, get that person in the door and hired through a a a number of methods. Once they're hired, that computer is sent on, and then basically, they just pretend they're working or they will do actual work, because they they wanna generate that money. 

And then, and then send the money back to the regime and occasionally, you know, that will also support crypto theft or intellectual property theft. 

 

Stephanie Schneider 

07:09 - 09:03 

Yeah. And and I think the use of AI here is really interesting because DPRK hackers extensively use various AI tools and deepfake technologies to really facilitate their recruitment efforts, stay in their operations, try to, trick hiring managers and companies, and, pretty effective at it, it seems. 

So they're not just using AI to write code or automate tasks. Right? They're using AI to help write their resumes to eliminate any, kind of misspellings or grammatical mistakes that they might make otherwise since it's not their first language, using AI generated images on LinkedIn. 

This one's really interesting to me is using deepfakes to hide their faces in online interviews so they can actually use this technology to just kind of put another face on top of theirs that kind of mimics and and generally looks like it's another individual in front of the camera. The technology is still, it's it's there are still advances to be made to make them even more convincing, but we're definitely moving in that direction. 

Also, you know, applying to job applications en masse, a lot of times, they'll just blast out their resumes and see who bites. So it's really kind of a numbers game. 

And then, you know, if they are hired by an an unwitting company, right, the way that they move the money is is, a little bit interesting, right, because the salary will go into an account held by a facilitator who then wires the money to the workers' account, and then that's transferred to a DPRK government account. 

 

Mike Kosak 

09:03 - 10:41 

Sounds like a lot of work for a country to generate income. But if you look at at the relative standing of North Korea compared to the rest of the world and their economy, it makes a lot more sense. 

So their real GDP last year was about $26,600,000,000. So that's and and and grew about 3.7% year over year. So, which is their fastest annual pace of growth in eight years. 

But to put that in perspective, the state of California alone had a GDP of about $4,000,000,000,000. So you're talking about a nation state versus a state. 

Obviously, you know, that is a sharp that is apples to oranges in so many ways, but it just gives an idea of relative GDP for a nation state. So the nominal gross income for individuals per capita within North Korea was about $1,200. 

So you've got individual motivation to participate in this because it gives them the opportunity to to to develop a better life because a lot of these programs will move them out into other countries where the Internet, connectivity is better, the the infrastructure is better. They get more freedom because they're out of North Korea. 

They get, a lot more access to money. So financially, it makes sense for them. 

One point I do wanna call out because I found this fascinating. Exports climbed quite a bit last year for North Korea by about $360,000,000, thanks in large part to shipments of wigs. 

So if you take nothing else away from this podcast, please know that North Korea has a burgeoning wig market. 

 

Stephanie Schneider 

10:41 - 10:58 

That is fascinating, and I'm I'm very intrigued by this. But, I mean, this whole setup is quite lucrative as you mentioned. 

Do we have any sense of how much money has been made from this scheme? 

 

Mike Kosak 

10:58 - 12:51 

Yeah. The most recent, the most recent overall estimate I saw was in the DOJ report, and they just pegged it at about hundreds of millions of dollars. 

But, again, against the the GDP of 26,000,000,000, that's not a small amount. You combine that with with their crypto theft activities and stuff like that, and that's a substantial portion of their GDP. 

Individually, you know, we you touched on some of the North North Korean worker aspects of this and and and how it can help their finances and and how some of them don't even you know, are doing this against their will. But, you know, when we talked about the recruitment and and the establishment of of, local infrastructure in July, there was an example of this. 

An American woman, Christina Marie Chapman, was sentenced to eight and a half years for helping North Korean operatives land jobs at more than 300 companies, and generated over $17,000,000 for for the regime, which is, again, like, not, you know, not just a drop in the bucket for a country with a $26,000,000,000 GDP. And and this the other thing is too. 

So we look at that's one person exposing 300 companies to this. Those companies are at risk of violating sanctions, you know, without even knowing. 

A good example and and I give KnowBe4 a ton of credit for this because they were super upfront about it, which is the best way, you know, light as a disinfectant. As far as, you know, they were super upfront and transparent about their experience. 

They had somebody get get past the goalie, get hired, get into get into the company, and and they detected them and and, you know, obviously took all the right steps to to mitigate the risk and and limit exposures and that sort of thing. Dug deeper and found that they had experienced or or been the the the target of at least 100 applications, and they were super upfront. 

I mean, talking through, like, what they experienced and and and the TTPs that they saw so that other companies can take steps to protect themselves. 

 

Stephanie Schneider 

12:51 - 13:54 

I mean, that that's great that, like, I think just raising awareness so that companies are aware that this is happening and, the US government is also, catching on and has been, I think, quite effective in going after this scheme. But US authorities have cracked down on people who have maybe knowingly or unknowingly helped the DPRK regime evade sanctions. 

They've offered millions of dollars for information. Treasury just announced new sanctions in August. 

And then back in June, the DOJ also conducted a massive raid and searches at, like, a bunch of suspected laptop farms across 16 states. And then last month, the US government put out a joint statement with Japan and South Korea on ongoing cooperation. 

And those three countries have worked together on stopping the scheme since 2022 because it really is a global international issue. 

 

Mike Kosak 

13:54 - 15:47 

Yeah. And we've seen this scheme evolve quite a bit since 2022. 

And and North Korea in general targeting of employment as a whole, you know, they were they were really at the forefront of social engineering and trying to get job applicants to, who are at targeted companies to apply for roles so they could get malware onto their machines and then conduct operations from there. They've, once they're fired, they'll threaten to release data. 

They'll they'll exfiltrate data, and then it, you know, effectively turns into an extortion attack. We've seen a pivot more towards European companies, specifically within the defense industrial base and government sectors. 

But the good thing is, you know, there are red flags that we see as commonalities across all of this. So as you mentioned, Steph, there's a heavy use of of AI face swap software. 

There's more technology coming out along these lines. There's a company called NameTag that's that's that's introducing new technology to help with identity verification, like, in real time. 

Oftentimes, they will have profiles with, very western sounding names, so stuff like Brian Jones. Oftentimes, they'll be detected by OPSEC lapses. 

So if they're using proxy networks or something like that or or or, proxy IPs, you know, there'll be a drop where where you can see where the the Internet traffic is really coming from. They'll struggle to answer questions in an interview about who they are, like, just basic questions. 

I've also heard and I forget who it was. It might have been CrowdStrike has spoken about this. 

But just as far as a simple method that works is simply asking the individual their opinion on Kim Jong Un or trying to get them to say something negative about Kim Jong Un, which is, has has has proved to be remarkably effective, apparently. I have not had this opportunity, but, has has proved to be proved to be quite a red flag. 

 

Stephanie Schneider 

15:47 - 16:56 

Now we're going to talk to our special guests, Grayson North and Justin Timothy, who are both principal threat intelligence consultants for GuidePoint Security’s research and intelligence team, AKA GRIT, about infostealers. GRIT's such a great name. 

I love that. So Grayson North works on cybercrime research, intelligence analysis, and incident response functions on behalf of the firm's clients. 

His career background includes systems administration and cybersecurity operations, and he has also worked as an individual contributor for a Fortune 500 company and as a consultant for several clients. Justin Timothy focuses on threat intelligence research, ransomware activity, and reporting to support clients across various industry verticals. 

Before joining GuidePoint, Justin worked on the malware and cyber threats team at the National Cyber Forensics and Training Alliance where he focused on threat intelligence collections, malware analysis, and supporting client cyber threat intelligence teams. So, Grayson and Justin, thank you so much for joining us. 

 

Grayson North 

16:56 - 16:57 

Thanks for having us. 

 

Justin Timothy 

16:57 - 17:00 

Yeah. Absolutely. 

Honored to be here. 

 

Stephanie Schneider 

17:00 - 17:19 

Alright. Before we dive into talking all about Infostealers, Mike and I earlier shared some hot takes on some music-related opinions. 

So we wanted to ask you all if you have any music-related hot takes. 

 

Grayson North 

17:19 - 17:27 

I think Taylor Swift's first album debut is actually her best by far. I will not back that up with any facts. 

Just my opinion. 

 

Justin Timothy 

17:27 - 17:40 

Speaking about Taylor Swift seems like a really good way to either make a really lot whole group of people really happy or really mad, so I'm gonna avoid that. I listen to screamo, so my takes may not be relevant for Taylor Swift. 

So we're gonna leave it at that. 

 

Stephanie Schneider 

17:40 - 18:30 

We are very well represented on the musical taste front between all the four of us. Let's jump right into the meat of our topic today, which is talking about Infostealers. 

So we're so excited to have you guys here because, as you know, the LastPass threat intelligence, mitigation, and escalations team, the TIME team, we recently joined forces with GuidePoint Security’s GRIT team and you all to highlight the threats posed by Infostealers. The report covers how Infostealers work from their functionality to how they're sold on the underground market. 

They've just been a really major contributing factor driving cybercrime activity since credentials are kind of the keys of the kingdom to accessing digital systems and data. 

 

Mike Kosak 

18:30 - 18:46 

Yeah. So as we kick this off, I think a good place to start, and I know this is one of the first things we were tackling as as we were working on this, but how do Infostealers differ from traditional credential harvesting malware, and what implications do do you all think it has for enterprise security strategies? 

 

Justin Timothy 

18:46 - 19:41 

I mean, if you're thinking of, like, traditional credential stealing malware, it kind of feels like something like a keylogger where it's really just capturing just the keystrokes that are made and nothing too much else. Infostealers just have so much more capabilities tied to them, and they're just so much more powerful in a sense for the threat actors. 

They target passwords that are stored in a credential vault that's usually native to the browser, which unfortunately isn't very secure. So that can give a threat actor access to logins that a user isn't even using. 

It also even lets them target things like session tokens and browser cookies, so you can actually recreate those sessions without the need for login, which can bypass MFA. Some of them even have RAT capabilities so they can, like, deploy other malware on the machine or even silly things like open the CD drive. 

It may not be always helpful, but there's just different things they can do with the Windows API and different things to really just infect the victim's machine. It's used as a beachhead to really further the malicious activity. 

 

Grayson North 

19:41 - 20:05 

Yeah. I think the targeting of the browser is really the natural progression of credential stealing malware. 

So I would kinda consider infostealers kind of, again, the modern equivalent of that kind of thing. And it makes sense. 

Right? I don't know about you guys, but I pretty much live in a browser all day. I don't open up Outlook for email anymore. 

Every single thing we do as a work function is available via SaaS. So it makes sense to go after the credentials for those services. 

 

Stephanie Schneider 

20:05 - 21:02 

Yeah. And credentials really unlock everything. 

Right? I mean, like, from customer accounts to back end systems, like, they really do enable a lot of productivity that's stemming from from just that. And, like, this is why we we talk about all the time, like, anybody's free you know, anybody's credentials can be breached and used and leveraged in a cyber attack for them to get initial access in the system. 

And then, you know, once they're in, you know, it it they can oftentimes move laterally across the system to target or or even to downstream third parties, right, to to go to target, what they're ultimately after. And that's why we talk all the time about the importance of, really ensuring that all employees and accounts and credentials are protected, not just, you know, c suite executives or admins. 

 

Mike Kosak 

21:02 - 21:29 

I'll say too, Justin, going back to your point about the the session tokens, and and you mentioned it too, Grayson. That's one thing we really are interested in as well because we've seen threat actors talk about as as passkeys start to become more common. 

They see that as the sort of next, you know, kind of their their next natural target as people move away from passwords. It's gonna be session tokens that will allow them to kinda maintain access. 

 

Justin Timothy 

21:29 - 21:42 

Yeah. That's a good point. 

I mean, anymore, security practices are saying turn on MFA, keep it on. That's one thing that'll defeat MFA. 

That's supposed to be our, like, golden bullet against this credential access. So it it's definitely scary. 

 

Grayson North 

21:42 - 22:38 

Yeah. And to put a real life impact to these kind of credential harvesting operations, we we sit right next to our digital forensics and incident response team. 

They're essentially one of our sister teams, and we ride along and gather threat intelligence on a lot of their engagements. And one of the things that they handle a lot is ransomware. 

And, I I don't know what other firms are seeing right now. We talked to some of them, but it really seems like right now upwards of 80% of all attacks we're seeing are against VPN. 

That that's the method of initial access. It's a threat actor reusing stolen credentials or harvesting them via an infostealer and then just getting into the network. 

Now MFA is usually not enabled in these cases, unfortunately. And, these companies learn a very expensive lesson. 

But, that's one of those things. If you have a browser based way to access your network, you are at risk of having your session stolen token, session tokens stolen, or your credentials stolen. 

Stephanie Schneider 

22:38 - 22:52 

That's a great transition to kind of trying to understand, you know, why we've seen this explosion of infostealers and what, in your opinion, are some of those factors that are driving this trend? 

 

Grayson North 

22:52 - 23:57 

Yeah. I I I think a major, factor here is the transition of the network perimeter. 

Traditionally, we've thought about the network perimeter as your firewalls, your, web application, your email gateway, things like that. That that that's where the threat actors would try to hammer on to to get home all day. 

Now, really, identity is the new perimeter. It was very much in progress before COVID, but the work from home mandates from many large companies really accelerated a lot of this browser based work access and the use of SaaS for everything from Salesforce to email to word processing, everything like that. 

It it it all happens in the browser and, with it came a whole bunch of really sensitive data and thus attack surface for people looking to steal and and and at least extort some of that stolen data. So, it's kind of a natural transition there from traditional network defense to defending the identity. 

And infostealers are just the threat actors' way of evolving to fight a new battle. 

 

Justin Timothy 

23:57 - 24:41 

I think another point there too that kind of drives almost everything is money. This isn't just some guy in their mom's basement making a piece of malware. 

There's a whole criminal enterprise centered around infostealers, and it's multiple chains too, where money's changing hands to different people. So if somebody is able to pop a victim through, like, a an SEO or search engine optimization sponsored website, that gets one person. 

Well, the threat actor might not even use those credentials. They might just sell them on something like Russian Market, so they're making money there. 

And then that money goes back to the subscription service where they actually bought the infostealer, because most of them work on subscription. It's not a one time payment anymore. 

So, really, it's just fueled by money so everybody has an incentive to kinda keep doing cybercrime because it it does pay to some extent for some of these actors. 

 

Stephanie Schneider 

24:41 - 25:23 

Yeah. I mean, even, like, just looking at some of these incidents. 

Right? And, like, seeing how exposed credentials can lead to massive loss for the company as well, like the Nobitex crypto exchange breach where RedLine Stealer compromised two employees' credentials. That led to over $80,000,000 loss for Nobitex. 

So they really are impactful, like, you know, not just for, you know, there's a lot of money to be made, we'll say, for from the from the attacker's perspective and then also a lot of money that can be lost, from the victim's perspective. 

Grayson North 

25:23 - 26:07 

I I think an an interesting note to, put on talking about the monetary loss is, we we do a lot of research where we go on these dark web marketplaces where threat actors hang out and buy and sell some of these credentials. And you would be shocked how inexpensive a lot of these are. 

They generally sell either packages based on targeting a specific victim or they'll just sell the individual infostealer logs. And honestly, the going price for these is $10, which doesn't seem like a lot, but it adds up when you've got thousands of them out there. 

And if you think about it, somebody with bad intentions and the right opportunity could purchase those $10 credentials and do millions and millions of dollars of damage. 

 

Mike Kosak 

26:07 - 26:36 

I'd say too the availability of the the number of of infostealers that have leaked their source code as well that make it super easy for people to jump into this marketplace. I mean, there's new infostealers every week. 

Anybody who wants to, you know, make this money that we're talking about here, it's not difficult. The technological barriers to entry for this compared to kind of designing and creating your own malware are minimal. 

When there's plenty of good stuff out there, you just need to change a couple lines, kinda make it your own, and and then you take it and run with it. 

 

Justin Timothy 

26:36 - 26:43 

You might not even need to do the coding yourself. You can just vibe code it with AI now too, which is even scarier. 

Yeah. 

 

Stephanie Schneider 

26:43 - 27:22 

Yeah. And then when we throw the malware as a service model into the mix, right, then it's just, like, anyone can can do this because it just really lowers the barrier to entry, like, to y'all's point. 

Like, they can, you know, either try to, you know, adapt, build the code themselves, or they can hire it out the hardest activity out and, you know, it's just super easy to to do. But maybe could Grayson or Justin, could you all explain kind of how this malware as a service model works and really contributes to the proliferation of of infostealers? 

 

Grayson North 

27:22 - 28:43 

So, basically, the way the malware as a service ecosystem works is that there's a couple different and pretty technical and complex steps that you have to achieve in order to get to the end goal of your malware. Whether that be infostealer or persistence or or what have you. 

And every step of the way, there's a significant amount of friction involved. You may be a bad guy that wants to steal credentials, but you won't know how to set up a web server for collecting stolen credentials. 

Or maybe you don't know how to write the malware in the first place. Maybe you don't know how to deliver it to your targets, to your end users. 

Maybe you don't know how to set up the infrastructure that you need to host your code on so that you can spray it out and and evade law enforcement and things like that. Malware as a service essentially provides a commoditized community approach to this kind of thing. 

And not only does it decrease that friction, so Joe Schmo malware guy and some in his parents' basement may be able to just buy their way into being a major malware purveyor. It also enables significant amount of scalability. 

So somebody that knows what they're doing and has the funding behind it could theoretically scale some of these malware campaigns as large as they will go. And and a lot of them, it correlates. 

The more victims they have, the more money they make. So, yeah. 

 

Justin Timothy 

28:43 - 29:35 

Yeah. Yeah. 

I mean, specifically for Infostealers, it feels like they're just making the malware and they're just doing a subscription service or a license for somebody to use it. I I love how we're using the adage of somebody in their parents' basement because that's really what it feels like when we're dealing with some of these people. 

Just, like, kind of sad why are you doing cybercrime, but that's another conversation. But really, they're kind of running their whole schemes like marketing. 

Like, they have people who are advertising on forums where these threat actors are lurking. They have people developing the code. 

They have people standing up little shops and Telegram things to actively do the sales. It could be all one developer, but it's it's a large process, so it makes sense that they’d have multiple people behind the scenes. 

Just by the numbers, logs and things like that we're seeing on some markets like Russian Market, there's definitely a lot of money that they're making here from a lot of subscriptions. So employing people to kinda help them out here is not a stretch of the imagination. 

 

Mike Kosak 

29:35 - 30:00 

Yeah. LummaC2's organization is fascinating along those lines where, you know, they've got admins, they've got customer support, they've got traffers that are out there pushing it, like you said. 

I mean, it's such a it's such a robust organization, and it just goes to show the professionalism behind it and the money that they're making because they can invest that kind of money back into the product and know that they're gonna make it back. 

 

Grayson North 

30:00 - 30:33 

Yeah. I'm not gonna pretend to be a greybeard by any sense of the term, but, that that's the difference in cybersecurity right now versus ten years ago. 

The the difference is the professionalization of cybercrime. I'm sure there were a couple gangs back then that that were extremely well organized, and they had their processes and procedures in place. 

But now that's becoming more and more of the norm, and it's all about scalability there. Once you have this organizational structure in place, again, the sky's the limit. 

You you put more resources into it and, theoretically get more money out of it. 

 

Mike Kosak 

30:33 - 30:47 

Yeah. When I talk about it sometimes, I almost compare it to the industrial revolution where we're seeing this specialization of labor, and that's really just kind of kicked everything into high gear and increased the money, increased the the velocity of of operations and everything else. 

 

Justin Timothy 

30:47 - 31:20 

It feels kinda grim when you put it that way, but I feel like we're not completely fighting a losing battle. Like, I still think there are some things that people can do to kinda prevent against it. 

Like, even just using, like, a a real password vault. I'm sure you folks might have a recommendation or two there. 

But even just yeah. But even just something as simple as that, like, just using LastPass, that prevents the whole browser impact that threat actors have, and it just kinda cripples the effect the, the infostealer can have. 

It doesn't mitigate it completely, but it's still a step in the right direction. 

 

Stephanie Schneider 

31:20 - 32:13 

Yeah. And I think I think there to your point, like, there are steps that people can can take to better protect themselves against infostealers. 

I mean, for one, using a password manager, like you mentioned, Justin, and, you know, also taking, you know, implementing multifactor authentication is another one because in so many incidents, threat actors, you know, kind of they get these credentials from the dark web. They plug them in and with no MFA enabled for that extra layer of protection, it's just off to the races. 

And and that's how, you know, how we see that breach play out time and time again. And they're, you know, relatively simple steps to take, and yet, it seems like, you know, we we still have a ways to go in really shoring up our protections with those fairly simple precautions. 

 

Grayson North 

32:13 - 32:38 

Yeah. I think that's really prudent. 

Infostealers, just as an ecosystem, really preys on people doing less than the bare minimum. And there's so many organizations out there that either don't have a cybersecurity program or don't invest in it or they have the personnel, but they're not enabled to make choices to better defend their organization. 

And, that's exactly what infostealer malware is targeted against. 

 

Justin Timothy 

32:38 - 32:55 

Unfortunately, the human element's always the weakest in the security stack. I mean, we all get lazy sometimes, and it only takes a threat actor one laziness for them to get lucky, then steal all of my credentials. 

So the odds are stacked against us, but like Grayson said, just do more than the bare minimum, and hopefully, we can get by. 

 

Stephanie Schneider 

32:55 - 33:17 

That wraps up our episode of The Phish Bowl. Thanks to Grayson and Justin and also to Mike for being a great cohost, and thank you to our listeners. 

Make sure to like and subscribe where you listen to your podcasts so you don't miss new episodes of The Phish Bowl, and you can also download the latest threat report link, which will be in the episode description. 

 

Mike Kosak 

33:17 - 33:28 

Also, if you'd like more information on Infostealers, you can check out the link to the report that we did with our friends at GRIT, which we will include here, right where you got this podcast. 

 

Stephanie Schneider 

33:28 - 33:29 

See you next time.