1 in 10 ASX 200 Companies Infected by Dark Web Infostealers
Severity: Medium (Score: 51.9)
Sources: Prnewswire, Uk.Finance.Yahoo
Published: · Updated:
Keywords: security, upguard, companies, already, infected, although, there
Summary
UpGuard's 2025 ASX 200 Cybersecurity Report reveals that 10% of Australia's largest listed companies are infected with infostealers, primarily targeting identity credentials. The report highlights a slight improvement in overall security ratings, with an average score of 728.5, but emphasizes that this improvement is largely reactive, stemming from post-incident fixes rather than proactive measures. The research indicates that security scores stagnate until major incidents trigger temporary remediation spikes. The report also notes that encryption remains the weakest technical category, posing significant data privacy risks. Additionally, the reliance on common SaaS platforms creates a supply chain risk, where vulnerabilities can affect multiple organizations. The findings call for a shift towards continuous cyber risk posture management to enhance security resilience. Key Points: • 10% of ASX 200 companies have confirmed infostealer infections. • The average cybersecurity score for ASX 200 companies is 728.5, indicating a B rating. • Encryption is identified as the weakest link in cybersecurity for the second consecutive year.
Detailed Analysis
**Impact** 10 percent of ASX 200 companies have active, verified infostealer infections, with 71 percent of these infections concentrated in the largest organizations. The average cybersecurity score for the ASX 200 was 728.5 (B rating), showing a 1.58 percent improvement from 2024 driven by post-incident fixes rather than proactive measures. The Materials sector scored lowest (673), while Information Technology (776) and Utilities (769) led in security posture. The widespread use of common SaaS platforms creates supply chain cascade risks affecting hundreds of companies, and encryption remains the weakest technical category, putting data privacy at significant risk. **Technical Details** The primary attack vector is identity compromise through credential theft by infostealers, with credentials circulating in infostealer logs. Security improvements occur reactively following major global incidents, such as the CrowdStrike outage, but tend to subside within months. No specific malware variants, CVEs, or infrastructure details were provided in the articles. The attack lifecycle focuses on credential harvesting and exploitation, impacting external security posture as measured by UpGuard’s Cyber Risk Posture Management platform. **Recommended Response** Organizations should shift from periodic security checks to continuous, comprehensive cyber risk posture management with total visibility across attack surfaces and vendor ecosystems. Prioritize rapid awareness of changes, reduce time to remediation, and strengthen security fundamentals, especially encryption practices. Monitor for credential leaks and infostealer activity in logs, and implement unified systems addressing identity threats and supply chain risks. No specific patches or IOCs were provided for immediate blocking.
Source articles (2)
- UpGuard's ASX 200 Cybersecurity Report: 1 in 10 ASX 200 Companies Already Infected by ... — Prnewswire · 2026-05-19
Although there was a slight improvement in the ASX 200's security rating, it was driven by post-incident security fixes, not proactive strategy HOBART, Australia , May 20, 2026 /PRNewswire/ -- UpGuard… - 1 in 10 ASX 200 Companies Already Infected by Dark Web Infostealers — Uk.Finance.Yahoo · 2026-05-19
Although there was a slight improvement in the ASX 200's security rating, it was driven by post-incident security fixes, not proactive strategy HOBART, Australia , May 20, 2026 /PRNewswire/ -- UpGuard…
Timeline
- 2026-05-19 — UpGuard releases ASX 200 Cybersecurity Report: The report reveals that 10% of ASX 200 companies are infected with infostealers, highlighting security vulnerabilities and trends in remediation.
- 2026-05-19 — Average security score shows slight improvement: The average security score for ASX 200 companies improved to 728.5, reflecting a 1.58% increase from 2024, primarily due to reactive measures.