Hackers Shun Malware for Social Engineering in Recent Trends
Dumpster diving isn't a new phenomenon in hacking, but its digital equivalent is the modern attack method of choice for most hackers, according to a new study from Ontinue. In it, the researchers highlight that hackers are increasingly using compromised credentials and breaches of trusted partners to gain entry to secure systems, rather than the more traditional malware-driven attacks of previous years.
"Attackers aren't trying to break through defenses anymore, they're logging in with stolen credentials," says Balazs Greksza, director of Advanced Threat Operations at Ontinue (via BetaNews). "Infostealers are feeding a growing underground market for corporate access. Once attackers obtain valid identities, they can bypass traditional security controls and move through environments as legitimate users, often without triggering the alarms organizations rely on."
Malware is still part of the chain, but it's often used to obtain the credentials needed to enter a system, rather than to kick in the digital door itself. Hackers target individuals with organizational privileges and use spear-phishing and targeted malware to get their login credentials. That way, they can enter the system undetected. It's much easier to compromise one person than an entire organization that has security teams in place to prevent it.

In some cases, though, hackers can simply buy the required login data that someone else has stolen in another, unrelated attack. Listings for credentials stolen using the LummaC2 malware have reportedly increased by over 72% in recent months.
"Identity has become the attacker's skeleton key," said Shane Barney, chief information security officer at Keeper Security. "When identity controls are fragmented or overly permissive, attackers don't need novel exploits. They just need access that looks routine. Identity now defines the enterprise perimeter. When every identity is governed with least privilege and continuously validated, a stolen credential becomes a contained event instead of an enterprise-wide incident."
Other trends the report highlights include an increasing use of AI language models to generate malware code and craft spear-phishing emails and messages to potential victims.
The report goes on to encourage organizations to treat security as a problem of identity as much as anything else. Secure defenses for your systems are important, but consider too the security of individual employees and how a weakness there could be exploited to leave holes in your larger digital systems.
