Software updates aren’t always all that exciting. In fact, they’re generally downright boring as far as the general public is concerned. That doesn’t mean they won’t make a huge impact.

Take, for example, a seemingly subtle change that Google recently introduced in version 80 of the Chrome web browser. A tweak designed to make the credentials you save in Chrome’s password manager more secure is also making a big impact on at least underground criminal enterprise.

For years, the Genesis Store has done a brisk trade in stolen credentials and digital ‘fingerprints.’ When Chrome 80 arrived in February, its supply of fresh credentials took a major hit.

Raveed Laeb is a product manager for KELA, a threat intelligence firm that uses sophisticated, automated tools to keep tabs on the countless gigabytes of stolen data being traded on Darknet forums and marketplaces. He’s been investigating Genesis for quite some time and recently released an in-depth report on his findings so far.

One of the most interesting is the 35% drop in credentials for sale since the release of Chrome 80. At its peak, Genesis boasted an inventory of around 335,000 individual digital fingerprints for sale, according to Catalin Cimpanu of ZD Net. That has shrunk to somewhere around 200,000 this month.

Chrome now employs stronger encryption to protect stored credentials — specifically AES-256, the strongest of the three Advanced Encryption Standard block ciphers.

That’s good news for Chrome users, and simultaneously bad news for malware authors. The change was enough to derail the password-stealing tactics leveraged by certain strains. Some of those strains had been funneling data back to Genesis.

It’s all part of the never-ending game of whack-a-mole that is the battle against malware. There’s always the possibility that hackers will figure out how to defeat these new protections (at least one claims to have already done so, according to Cimpanu).

There’s also a chance that they could choose instead to pack it in and move on to something new… if finding a way around Chrome’s improved defenses proves to be more trouble than it’s worth.

Source link

Write a comment:

Your email address will not be published.