With so many usernames and passwords to remember across your professional and personal life, it can be tempting to click “Yes.” when prompted: “Save login details to your browser?” to save yourself time and hassle.
It’s also a massive cybersecurity risk.
Why? While it seems fairly harmless, auto-saving sensitive credentials to your web browser can run the risk of this information being harvested by a form of malware called RedLine.
What Is RedLine Malware?
First detected in early 2020, RedLine targets browsers by collecting login credentials, credit card information, and anything else that might be auto-saved to a browser. Stealing autocomplete information isn’t all it’s capable of either; RedLine can also steal information stored in VPN clients, steal cryptocurrency wallets, and execute commands on an infiltrated system.
It’s easily accessible and affordable via the dark web, with one-off prices ranging from $150 to $200, or a $100 per month subscription. After being sold to threat actors, it can be used with other forms of malware, granting unfettered access to individuals’ and companies’ data.
How Does RedLine Malware Work?
Once RedLine reaches the server, it would be able to access all company information – including any information on clients and customers. Not only can it execute commands on a server, but it can also install follow-up software attacks. RedLine’s attack method requires it to not only reach the server, but the end user’s hard disk as well. This means that, if successful, it could access data saved onto the hard drive, including additional information about the user, such as their location, hardware configuration, and cybersecurity software. This makes the effect RedLine can have on both large and small businesses potentially devastating.
By the end of 2021, RedLine became one of the more widely used types of information-stealing malware. Data breach notification service, Have I Been Pwned, has listed a shocking 441,000 accounts that have been stolen using RedLine. A version is currently spreading under the file name “Omicron Stats.exe”, preying on people’s heightened concerns about the new COVID-19 variant.
How To Prevent RedLine Malware Attacks
You can ask your employees to take care when storing their credentials, but this doesn’t offer comprehensive protection and is unreliable. It’s absolutely crucial to add extra layers of defense. Here are three best practices that will significantly reduce your business’ susceptibility to RedLine malware:
1. Implement multi-factor authentication.
2. Use a dedicated password manager.
3. Never miss a software update.
Each step adds a different key defense layer. Read on for a deep dive into each technique, complete with tool recommendations.
Implement Multi-Factor Authentication
Multi-factor authentication (MFA) is an authentication method that requires users to provide two or more verification methods before logging into an application or website. MFA usually entails a user logging in with standard credentials like a username and password, before verifying their identity in another way.
Common verification steps usually fall under one (or more) of three categories:
- Something you know – such as a password or PIN.
- Something you have – like confirming your identity through an authentication app on a smartphone.
- Something you are – usually a biometric such as fingerprints, face ID, or voice recognition.
MFA makes sure that even if login credentials are compromised, hackers will hit a wall when it comes to the next verification step, as the information needed to verify an identity is usually much harder, near impossible, to obtain. MFA can be handy for companies who are experiencing a rise in remote working, with staff being offered ‘BYOD’ (Bring your own device) policies, allowing staff to use personal devices over work ones.
Read on: Multi-Factor Authentication: What Is It And How Does It Work
Use A Dedicated Password Manager
With all of the passwords and usernames we have to remember, it’s tempting to end up using (and reusing) simple, easy-to-remember passwords across multiple platforms, even for our work accounts. However, this runs the risk of having your data easily compromised.
It’s important to use different passwords across all platforms, also making sure they’re strong passwords. Strong passwords are long, unpredictable, and include a blend of letters, numbers, and characters. But if they’re too difficult to remember by heart and auto-saving to an unprotected browser is a security risk and can be targeted by RedLine, what’s the solution?
Dedicated password managers are a handy tool that saves all of your unique passwords in an encrypted database. The managing system synchronizes them with a master password, just one password to access your password vault. Password managers can also automatically sign you into any platform, saving you the trouble of going into the vault to find your credentials.
These aren’t their only benefits. Password managers can also help to spot fake websites, notify you when they detect you using the same password across multiple accounts and send alerts if your credentials appear during a data breach.
Installing a password manager is a good way to enhance your business’s security, but when it comes to making a selection, it can be hard to choose what best suits your business model.
To help organizations find the right password management solution, we’ve put together a guide to the Top 10 Business Password Management solutions.
Never Miss A Software Update
While it seems less obvious, regularly updating your company devices is a good step in maintaining your overall security as these updates usually contain much-needed fixes for security gaps. Continuing to miss or avoid these updates leaves corporate devices susceptible to attacks.
Keeping software up to date is critical but it can be cumbersome having to manually update it when needed. However, there are steps you can take to make the process as seamless and automatic as possible. Allowing for auto-updates removes the temptation to decline an update when prompted by your employees, which you can instigate with endpoint management.
Unified endpoint management (UEM) tools allow businesses and organizations to monitor all PCs, mobile devices, and IoT devices that are connected to their network. Companies can automate endpoint tasks including software distribution and patch management in response to security gaps. It also allows for IT admins to see analytics on device usage, flag any suspicious activity, and implement any security measures to protect connected devices. For more on UEM and how it works, click here.
Protecting Your Business From RedLine Stealer Malware: A Summary
With remote and hybrid work on the rise, and more people using their own devices for both work and personal use, maintaining your company’s security on and off-site is more important than ever. This blend of remote access working and unaccounted-for devices can open up new avenues for security risks.
RedLine malware, and indeed other forms of malware, can have dire consequences for businesses and their clients’ and customers’ data, but with the extra protective measures we’ve discussed, you can maximize your company’s security.
With so many options it can be hard to find what’s right for your business. To make it easier, we’ve compiled a list of some leading software brands for the tools mentioned above, which you can read with the links below:
Read on: The Top 10 Password Managers For Business
Read on: The Top 11 Multi-Factor Authentication (MFA) Solutions For Business
Read on: The Top Unified Endpoint Management (UEM) Solutions
