Malware attacks

Malware attacks involve malicious software—viruses, worms, trojans, ransomware—designed to disrupt, damage, or gain unauthorized access to systems or data. Malware can harvest credentials via keyloggers, open backdoors, or encrypt data for ransom. It often spreads through phishing emails, infected websites, or unpatched software vulnerabilities.

How does it affect identity security?
Malware can specifically target credentials (e.g., password stealers, token grabbers). If user or admin passwords are obtained, attackers pivot to more systems.

A compromised endpoint that uploads stolen credentials to an attacker leads directly to unauthorized cloud logins. A keylogger on a user's machine captures the password and any one-time codes the user types; an infostealer goes further and harvests browser session cookies and local credential files such as ~/.aws/credentials, which let the attacker reuse an already-authenticated session without ever facing the MFA prompt. Cloud threat-detection services (e.g., Amazon GuardDuty, Microsoft Sentinel) watch for known malicious indicators and for anomalous API or sign-in behavior. Integrating endpoint threat intelligence with IAM closes the loop: when a device is flagged, the identity platform can revoke active sessions, deactivate long-lived keys, and force re-authentication with MFA.
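The following is an added example, not code from the original page or from any vendor product, of what "integrating endpoint threat intel with IAM" looks like in practice. It correlates a constructed EDR infostealer verdict with constructed CloudTrail-style sign-in events, treats any sign-in by the flagged user from outside known corporate egress (within a lookback window, since credentials are usually stolen before the verdict lands) as suspicious, and produces the response plan: the deny-older-sessions inline policy that AWS uses for "Revoke active sessions" (conditioned on aws:TokenIssueTime), plus the long-lived access keys to deactivate, because that policy does not invalidate those. The alert and event data, the corporate egress IP, and the access key IDs are all constructed for the example.

```python
"""Correlate an endpoint malware verdict with cloud sign-ins and build the IAM response."""
import json
from datetime import datetime, timedelta, timezone

# --- Constructed sample telemetry (not real data) --------------------------
# EDR verdicts, keyed by the user who owns the device.
EDR_ALERTS = [
    {"user": "alice", "host": "alice-laptop", "verdict": "infostealer",
     "time": "2024-05-02T09:15:00Z"},
]
# Console/STS sign-in events reduced to the fields this check needs.
SIGNIN_EVENTS = [
    {"user": "alice", "src_ip": "203.0.113.10",  "time": "2024-05-02T08:40:00Z"},
    {"user": "alice", "src_ip": "198.51.100.77", "time": "2024-05-02T08:55:00Z"},
    {"user": "alice", "src_ip": "198.51.100.77", "time": "2024-05-02T10:02:00Z"},
    {"user": "bob",   "src_ip": "203.0.113.10",  "time": "2024-05-02T10:05:00Z"},
]
# Hypothetical inventory of long-lived access keys per IAM user.
ACCESS_KEYS = {"alice": ["AKIAEXAMPLE000000001"], "bob": ["AKIAEXAMPLE000000002"]}
CORPORATE_EGRESS = {"203.0.113.10"}          # assumed known-good source IPs
LOOKBACK = timedelta(hours=1)                # credentials are stolen before detection


def parse_ts(s: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def suspicious_logins(alerts, events, known_egress, lookback=LOOKBACK):
    """Sign-ins by a flagged user from outside known egress, at or after
    (alert time - lookback). Sign-ins from corporate egress are left alone."""
    flagged = {a["user"]: parse_ts(a["time"]) - lookback
               for a in alerts if a["verdict"] in ("infostealer", "keylogger")}
    return [e for e in events
            if e["user"] in flagged
            and parse_ts(e["time"]) >= flagged[e["user"]]
            and e["src_ip"] not in known_egress]


def revoke_older_sessions_policy(cutoff: datetime) -> dict:
    """Inline IAM policy denying every action to sessions issued before `cutoff`.
    This is the document the IAM console attaches under 'Revoke active sessions'.
    It invalidates temporary credentials only; long-lived access keys must be
    deactivated or rotated separately."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": ["*"],
            "Resource": ["*"],
            "Condition": {"DateLessThan": {
                "aws:TokenIssueTime": cutoff.strftime("%Y-%m-%dT%H:%M:%SZ")}},
        }],
    }


def plan_response(alerts, events, keys, known_egress, now: datetime) -> dict:
    """Decide which users get sessions revoked and which access keys are deactivated.
    The cutoff is `now`, not the alert time: anything issued before the response
    may already be in the attacker's hands."""
    hits = suspicious_logins(alerts, events, known_egress)
    users = sorted({e["user"] for e in hits})
    return {
        "users": users,
        "revoke_policy": revoke_older_sessions_policy(now),
        "deactivate_keys": sorted(k for u in users for k in keys.get(u, [])),
        "evidence": hits,
    }


if __name__ == "__main__":
    now = parse_ts("2024-05-02T10:10:00Z")
    plan = plan_response(EDR_ALERTS, SIGNIN_EVENTS, ACCESS_KEYS, CORPORATE_EGRESS, now)
    print(json.dumps(plan, indent=2))
```

In a real pipeline the `revoke_policy` document would be attached to the affected user or role (for example with `aws iam put-user-policy`) and each key in `deactivate_keys` set to Inactive, after which the user re-authenticates with MFA from a clean device. Bob's sign-in from the same corporate IP is deliberately untouched: the correlation keys on the flagged user, not on every event in the window.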

Ransomware often tries to escalate privileges so it can reach and encrypt shared drives. Malware that obtains domain admin credentials can cripple an entire enterprise. Identity controls such as least privilege, MFA, and restricting local admin rights limit the blast radius; endpoint protection, patch management, and monitoring for suspicious activity reduce the chance of infection in the first place.

Case study

NotPetya (2017), disguised as ransomware but effectively a wiper, spread laterally by harvesting credentials from memory with a Mimikatz-style tool and reusing them over Windows admin shares via PsExec and WMI, alongside the EternalBlue SMB exploit against unpatched hosts. Maersk alone had to rebuild thousands of servers and tens of thousands of workstations. Strong identity protections, such as restricting admin privileges and preventing the same admin credentials from being valid on every machine, would have slowed the worm's propagation.
