Australia: ASD issues advisory on info stealer malware

On September 2, 2024, the Australian Signals Directorate (ASD) released a new advisory on information stealer malware (info stealers) used by cybercriminals to target various organizations and sectors worldwide, including in Australia.

What is info stealer malware?

According to the advisory, info stealer malware is designed to harvest sensitive information from a victim's device, including usernames, passwords, card details, cryptocurrency wallets, local files, browser data, user history, and autofill form details. The advisory explained that stolen credentials can then provide cybercriminals with direct access to corporate networks and enterprise systems, bypassing the need for more sophisticated and time-consuming hacking methods.

The ASD's advisory emphasizes the risks posed to organizations that allow remote access to their networks, especially when employees, contractors, managed service providers, or other entities use Bring Your Own Device (BYOD) hardware. According to the advisory, such practices can increase the vulnerability of corporate systems to info stealer malware.

Mitigation measures

To mitigate these risks, the advisory recommends that organizations implement the following measures:

  • ensure staff are educated about the dangers of info stealers and the importance of maintaining good cyber hygiene;
  • strengthen the security of corporate accounts to prevent unauthorized access;
  • regularly assess the security of mobile devices used to access corporate networks; and
  • implement robust security measures to safeguard sensitive information and critical infrastructure.

Additionally, the ASD advises organizations to fully implement its Essential Eight cybersecurity strategies and to develop a comprehensive incident response plan. This plan should include clear guidelines for employees on what actions to take and who to contact in the event of a cybersecurity breach.

You can read the press release here and the advisory here.