
Latest multi-purpose malware is adept for evasion, lateral movement, and data encryption
Picus Security, the pioneer of Breach and Attack Simulation (BAS), has released The Red Report 2023, an in-depth analysis of over 550,000 real-world malware samples – its biggest study to date. By observing the malware’s behavior, the company’s researchers extracted over 5 million malicious actions and used this data to identify the ten most common techniques leveraged by cybercriminals in 2022. Based upon the findings of its report, the company is warning of the rise of “Swiss Army knife malware” – multi-purpose malware that can perform malicious actions across the cyber-kill chain and evade detection by security controls.
The versatility of the latest malware is demonstrated by the fact that a third of the total sample analyzed by Picus Labs is capable of exhibiting more than 20 individual Tactics, Techniques, and Procedures (TTPs). Increasingly, malware can abuse legitimate software, perform lateral movement, and encrypt files. Its rising sophistication is likely driven by the extensive resources of well-funded ransomware syndicates and by advancements in behavior-based detection methods used by defenders.
“Modern malware takes many forms,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “Some rudimentary types of malware are designed to perform basic functions. Others, like a surgeon’s scalpel, are engineered to conduct single tasks with great precision. Now we are seeing more malware that can do anything and everything. This ‘Swiss Army knife’ malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems, and encrypt data.”
The Red Report 2023, the latest iteration of Picus’ annual report, helps track the evolution of malware over time. The insights it provides help security teams prioritize the mitigation of the most prevalent attack techniques aligned to the MITRE ATT&CK adversary behavior framework.
Key findings include:
- The average malware leverages 11 TTPs. One-third of malware (32%) leverages more than 20 TTPs, and one-tenth leverages more than 30 TTPs.
- Command and Scripting Interpreter is the most prevalent ATT&CK technique, exhibited by nearly a third of malware samples. The appearance of Remote System Discovery and Remote Services in The Red Report Top Ten for the first time is further evidence of the extent to which malware can now abuse built-in tools and protocols in operating systems to evade detection.
- Four out of 10 of the most prevalent ATT&CK techniques identified are used to aid lateral movement inside corporate networks.
- A quarter of all malware is capable of encrypting data, highlighting the continued threat of ransomware.
“The goal of ransomware operators and nation-state actors alike is to achieve an objective as quickly and efficiently as possible,” continued Dr. Ozarslan. “The fact that more malware can conduct lateral movement is a sign that adversaries of all types are being forced to adapt to differences in IT environments and work harder to get their payday.”
“Faced with defending against increasingly sophisticated malware, security teams must also continue to evolve their approaches. By prioritizing commonly used attack techniques, and by continuously validating the effectiveness of security controls, organizations will be much better prepared to defend critical assets. They will also be able to ensure that their attention and resources are focused in areas that will have the greatest impact.”
Fachartikel

ETH-Forschende entdecken neue Sicherheitslücke in Intel-Prozessoren

Sicherheitskontrollen im Wandel: Warum kontinuierliche Optimierung zur proaktiven Abwehr und einem stabilen Sicherheitsmanagement gehört

Massives Datenleck: 200 Milliarden Dateien in Cloud-Speichern öffentlich zugänglich

Windows 10: Mai-Update führt zu BitLocker-Wiederherstellungsschleife

Advanced NPM Supply-Chain Attack kombiniert Unicode-Steganografie mit Google Kalender als C2-Kanal
Studien

Princeton-Forscher warnen vor fatalen KI-Angriffen im Web3-Umfeld

Führungskräfte ohne KI-Wissen? Gartner-Umfrage offenbart Sorgen der CEOs

Schweigen über KI-Erfolge: Was eine neue Ivanti-Studie offenbart

IBM treibt den Einsatz generativer KI in Unternehmen mit hybrider Technologie voran

Weltweite Umfrage: Mehrheit der Technologieverantwortlichen spricht sich für Robotik im Arbeitsumfeld aus
Whitepaper

TeleTrusT legt aktualisiertes Positionspapier „Cyber-Nation“ vor

Sechs entscheidende Tipps für den erfolgreichen Einsatz von cIAM-Lösungen

Wie die Datenverwaltung Wachstum und Compliance fördert

Group-IB präsentiert die zehn gefährlichsten Cybergruppen 2025

Cyberkriminelle nehmen 2025 verstärkt das Gesundheitswesen ins Visier
Hamsterrad-Rebell

Insider – die verdrängte Gefahr

Sicherer SAP-Entwicklungsprozess: Onapsis Control schützt vor Risiken

Das CTEM-Framework navigieren: Warum klassisches Schwachstellenmanagement nicht mehr ausreicht

Cybersicherheit im Mittelstand: Kostenfreie Hilfe für Unternehmen
