Security researchers have warned that a growing number of versatile malware variants are capable of performing multiple malicious steps across the cyber kill chain.
Picus Security compiled its Red Report 2023 by analyzing over 500,000 malware samples last year, identifying their tactics, techniques and procedures (TTPs) and extracting over 5.3 million “actions.”
The vendor then mapped these actions to MITRE ATT&CK techniques.
The report found that the average malware variant now leverages 11 TTPs, or nine MITRE ATT&CK techniques. One third (32%) use more than 20 TTPs, and one in 10 leverage more than 30 TTPs, according to the report.
“Modern malware takes many forms. Some rudimentary types of malware are designed to perform basic functions. Others, like a surgeon’s scalpel, are engineered to carry out single tasks with great precision,” said Picus Security co-founder Suleyman Ozarslan.
“Now we are seeing more malware that can do anything and everything. This ‘Swiss Army knife’ malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems and encrypt data.”
Highlighting the focus of many threat actors today, Picus found that 40% of the most prevalent MITRE ATT&CK techniques it identified were used to support lateral movement.
These included tried-and-tested techniques such as Command and Scripting Interpreter and OS Credential Dumping, and newer ones such as Remote Services, Remote System Discovery and WMI.
The most common technique in the report’s top 10 list was Command and Scripting Interpreter, which involves the abuse of legitimate interpreters such as PowerShell, AppleScript and Unix shells to execute arbitrary commands. This highlights how attackers favor legitimate existing tools over custom-developed ones in their attacks, Picus explained.
Second on the list was OS Credential Dumping, which attackers use to hijack accounts and move laterally. Third came Data Encrypted for Impact, which reflects the continued threat posed by ransomware.
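The counting the report describes (techniques per sample, the share of samples using more than 20, the most prevalent techniques, and how many of those support lateral movement) can be reproduced over any per-sample technique list. The following is an added example, not Picus Security's own code or methodology; the sample data is constructed, and the LATERAL_SUPPORT set is an assumption drawn from the techniques named above.

```python
"""Aggregate ATT&CK technique usage across malware samples, Red Report style.

Added example, not Picus Security's code. SAMPLES is constructed: the IDs are real
ATT&CK technique identifiers, but which sample exhibits which is invented.
"""
from collections import Counter
from statistics import mean

# Constructed input: sample name -> distinct ATT&CK technique IDs observed in analysis
# (a real pipeline derives this by mapping sandbox-observed actions to techniques).
SAMPLES = {
    "sample-a": {"T1059", "T1003", "T1486", "T1021", "T1018", "T1047", "T1055"},
    "sample-b": {"T1059", "T1003", "T1021", "T1082", "T1053"},
    "sample-c": {"T1059", "T1486", "T1497"},
    "sample-d": {"T1059", "T1003", "T1486", "T1021", "T1018", "T1047", "T1055",
                 "T1082", "T1053", "T1497", "T1105", "T1071", "T1027", "T1036",
                 "T1547", "T1012", "T1057", "T1083", "T1070", "T1562", "T1110"},
}

# Techniques the report says support lateral movement (Command and Scripting Interpreter,
# OS Credential Dumping, Remote Services, Remote System Discovery, WMI). Assumption: this
# small set stands in for the report's full classification.
LATERAL_SUPPORT = {"T1059", "T1003", "T1021", "T1018", "T1047"}


def technique_counts(samples):
    """Number of distinct techniques used by each sample."""
    return {name: len(techs) for name, techs in samples.items()}


def prevalence(samples, top_n=10):
    """Top-N techniques as (ID, share of samples using it); ties broken by ID."""
    hits = Counter(t for techs in samples.values() for t in techs)
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(t, round(k / len(samples), 2)) for t, k in ranked[:top_n]]


def summarize(samples, top_n=10):
    """Headline figures: mean techniques per sample, share using more than 20,
    top-N prevalence, and the fraction of the top-N that supports lateral movement."""
    counts = technique_counts(samples)
    top = prevalence(samples, top_n)
    return {
        "avg_techniques": mean(list(counts.values())),
        "share_over_20": sum(c > 20 for c in counts.values()) / len(counts),
        "top_techniques": top,
        "lateral_share_of_top": round(sum(t in LATERAL_SUPPORT for t, _ in top) / len(top), 2),
    }
```

Calling `summarize(SAMPLES, top_n=3)` on the constructed data gives an average of 9 techniques per sample, a 25% share above 20, and a top three entirely within the lateral-movement set.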
“The goal of ransomware operators and nation-state actors alike is to achieve an objective as quickly and efficiently as possible. The fact that more malware can perform lateral movement is a sign that adversaries of all kinds are being forced to adapt to differences in IT environments and work harder to get their payday,” said Ozarslan.
“Faced with defending against increasingly sophisticated malware, security teams must also continue to evolve their techniques. By prioritizing commonly used attack techniques, and by continuously validating the effectiveness of security controls, organizations will be far better prepared to protect critical assets.”
Some parts of this article are sourced from: