Millions Of Password Manager Users On Red Alert: Act Now To Stay Safe
www.forbes.com
New report warns of the perfect password manager heist.
You don't need me to remind you that hackers and cybercriminals want to steal your passwords, but I'm going to anyway. Be that by innovative syncjacking browser attacks, pitching Google against Microsoft to steal one account password from the other, or even using avatars to grab the credential goodies. The point is that malware steals such credentials to such an extent that there are already one billion stolen passwords available on the dark web. A new report from Picus Security experts has warned that password managers are now being targeted in what it called a "perfect heist" scenario. Here's what you need to do to stay safe.
SneakThief Attackers Create The Perfect Heist: Your Password Manager Is Their Target
"Threat actors are leveraging sophisticated extraction methods, including memory scraping, registry harvesting and compromising local and cloud-based password stores," Dr. Suleyman Ozarslan, vice-president of Picus Labs, warned, "to obtain credentials that give attackers the keys to the kingdom." A new analysis of more than a million malware samples was undertaken by Picus Security researchers and the shocking result was that 25% of these are targeting credentials in password stores. Your password manager is under attack, make no mistake about that; the criminals carrying out the attacks are prioritizing complex, prolonged, multi-stage attacks that require a new generation of malware to succeed.
Not only do these numbers mean that such malware usage has grown by 25% over a 12-month period, but for the first time ever, it also now appears in the top 10 attack techniques listed in the MITRE ATT&CK Framework.
Picus Labs researchers have come up with SneakThief as a term to describe this evolution of info-stealing malware, likening the ever-sophisticated approaches employed to the perfect heist.
Mitigating The Perfect Heist Password Manager Attacks
"It's vital that password managers are used in tandem with multi-factor authentication and that employees never reuse a password," Ozarslan said, "especially for their password manager." Explaining that SneakThief malware is not an exception but increasingly the rule, Ozarslan recommended that focusing on that previously mentioned MITRE top 10 is the most viable way to stop the kill chain of sophisticated malware strains as early as possible. Which is great for the enterprise and less so for the consumer. I always advise using a password manager, and these attacks do not alter that: a password manager remains your most potent defense against password theft. Remember to use a strong master password that cannot be easily guessed; pass-phrases are a great way to achieve this without hitting the "I can't remember it" stumbling block. Always use 2FA in conjunction with your password manager, and ensure whatever solution you use has strong defenses in place against the compromise of your vault.