The Persistent Threat of Account and Identity Theft Malware

Identity theft continues to be a challenging and expensive risk for consumers, and malware that’s specifically designed to steal users’ account data and identities is often used to commit the crime.

The reason for this persistent threat? Simple: identity theft is a very lucrative business for cybercriminals. The 2017 Identity Fraud Study, recently released by Javelin Strategy & Research, found that cybercriminals stole $16 billion from 15.4 million U.S. consumers in 2016 alone. That’s a substantial amount of money. It also represents an increase of nearly a billion dollars over 2015 identity theft losses. In the past six years, identity thieves have stolen over $107 billion from victims in the U.S. alone.

Somewhere around 100 million Americans have personally identifiable information (PII) stored in databases managed by government agencies and numerous businesses. With the current onslaught of data breaches and user account theft, this private, sensitive information is constantly exposed to account and identity theft.

Malware is a Major Factor in Identity Theft

There are a number of methods used to commit identity theft, including physical theft of wallets, purses, and personnel records, as well as simply bribing or colluding with employees who have access to bank accounts, credit cards, tax data, or other types of PII. But the most dangerous form of identity theft involves cybercrime, including malware. According to the 2012 Verizon Data Breach Investigative Report, malware was found to contribute to 69% of data breaches, and there’s no reason to believe that the situation has improved since then.

The sophistication level of professional identity thieves continues to grow, and so do the methods they develop. With individually tailored phishing and spear phishing scams and elaborate networks of botnets designed to hijack millions of computers without leaving a trace, cybercriminals are constantly developing and deploying new malware in an attempt to steal user accounts and identities.

Identity Theft Malware

One example of identity-stealing malware is a nasty bit of code called MEDJACK, designed specifically to target medical devices. Security researchers found new versions of this malicious code designed to exploit hospital equipment like x-ray machines and MRI scanners. The malware executes a sophisticated zero-day attack that allows cybercriminals to steal patient data from the devices, including PII that the thieves use to commit identity theft.

Keyloggers are another type of dangerous malware. They are often used to capture user IDs, passwords, account numbers, and other sensitive data that cybercriminals leverage to commit identity theft. Criminals used keyloggers in many of the largest and most notable breaches, including TJX, Citibank, Sony, RSA/EMC, World Bank, Lockheed Martin, NBC, Google, and Heartland Payment Systems, as well as breaches of scores of medical clinics and small businesses the world over. According to the aforementioned Verizon report, of those breaches where criminals used malware to steal data, 98% of the time the malware included keylogging functionality.

The number of malicious smartphone apps used for identity theft is also on the rise. We’ve recently seen sophisticated Android apps designed to secretly steal your credit card data and other sensitive information. Victims are unlikely to know about the malware until they learn of the fraudulent use of their identities.

Advanced Malware Protection is Key to Preventing Identity Theft

Identity theft is one of the most frequent, costly and pervasive crimes in the United States and throughout much of the world, and individuals and businesses need to take it very seriously. The early detection and eradication of malicious code designed to steal credentials, especially advanced malware, is an important component in this war against identity theft.

Since malware is often delivered via email and malicious websites, organizations need to make sure they augment their email and web gateways with advanced malware protection.