
Latest multi-purpose malware is adept at evasion, lateral movement, and data encryption
Picus Security, the pioneer of Breach and Attack Simulation (BAS), has released The Red Report 2023, an in-depth analysis of over 550,000 real-world malware samples – its biggest study to date. By observing the malware’s behavior, the company’s researchers extracted over 5 million malicious actions and used this data to identify the ten most common techniques leveraged by cybercriminals in 2022. Based upon the findings of its report, the company is warning of the rise of “Swiss Army knife malware” – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls.
The versatility of the latest malware is demonstrated by the fact that a third of all samples analyzed by Picus Labs are capable of exhibiting more than 20 individual Tactics, Techniques, and Procedures (TTPs). Increasingly, malware can abuse legitimate software, perform lateral movement, and encrypt files. Its rising sophistication is likely driven by the extensive resources of well-funded ransomware syndicates and by advancements in the behavior-based detection methods used by defenders.
“Modern malware takes many forms,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Some rudimentary types of malware are designed to perform basic functions. Others, like a surgeon’s scalpel, are engineered to conduct single tasks with great precision. Now we are seeing more malware that can do anything and everything. This ‘Swiss Army knife’ malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems, and encrypt data.”
The Red Report 2023, the latest iteration of Picus' annual report, helps track the evolution of malware over time. The insights it provides help security teams prioritize the mitigation of the most prevalent attack techniques, aligned with the MITRE ATT&CK adversary behavior framework.
Key findings include:
- The average malware leverages 11 TTPs. One-third of malware (32%) leverages more than 20 TTPs, and one-tenth leverages more than 30 TTPs.
- Command and Scripting Interpreter is the most prevalent ATT&CK technique, exhibited by nearly a third of malware samples. The appearance of Remote System Discovery and Remote Services in The Red Report Top Ten for the first time is further evidence of the extent to which malware can now abuse built-in tools and protocols in operating systems to evade detection.
- Four of the 10 most prevalent ATT&CK techniques identified are used to aid lateral movement inside corporate networks.
- A quarter of all malware is capable of encrypting data, highlighting the continued threat of ransomware.
“The goal of ransomware operators and nation-state actors alike is to achieve an objective as quickly and efficiently as possible,” continued Dr. Ozarslan. “The fact that more malware can conduct lateral movement is a sign that adversaries of all types are being forced to adapt to differences in IT environments and work harder to get their payday.”
“Faced with defending against increasingly sophisticated malware, security teams must also continue to evolve their approaches. By prioritizing commonly used attack techniques, and by continuously validating the effectiveness of security controls, organizations will be much better prepared to defend critical assets. They will also be able to ensure that their attention and resources are focused in areas that will have the greatest impact.”