Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Swiss Army Malware. Show all posts

Threats Increase With Updated "Swiss Army Malware"

 


There seems to be a slow and steady decline in the production of specialized malware. Alongside, there is a growing trend across cyber-space today for variants to be able to perform a whole host of functions and feature as many features as possible, according to recent studies released. 

It was found that “Swiss Army knife malware” was on the rise due to an analysis of more than 550,000 real-world samples by Picus Security. These strains are multipurpose and capable of performing a variety of actions. 

Among the malware analyzed for the report, a third carries more than 20 individual tactics, techniques, and procedures (TTP), according to the report, which suggests that malware in much larger numbers is involved in cyber threats. There are quite a few attacks that leverage more than ten tactics. One in ten attacks has as many as 30 tactics. Most commonly, the use of legitimate software and the movement of files in a lateral way are among the most common features of these attacks. 

Investment in a Great Deal 

Almost a third of malware samples have been observed to contain executables and script interpreters. According to MITRE's ATT&CK adversary behavior framework, these interpreters are the most prevalent ATT&CK techniques.  

This is the first time Remote System Discovery and Remote Services have appeared in the top ten of this research paper, showing that malware can now exploit built-in tools and protocols within operating systems to avoid detection and avoid being detected by security software. 

The majority of the ATT&CK techniques identified have been used to facilitate lateral movement within corporate networks. Around a quarter of the techniques have been developed to safeguard data and facilitate lateral movement. 

Research conducted by Picus found that all of these things were possible thanks to Picus' heavy investment. According to analysts, many syndicates of ransomware are well-funded, and they are happy to invest their funds back into making even more destructive malware in the future. As a result, cybercriminals have evolved their methods of identifying and eliminating malicious behavior in their attempts to infiltrate consumers' premises. They also take advantage of technological advancements to come up with more sophisticated ways to do so.   

According to Suleyman Ozarslan, Picus Security's Co-founder and VP of Picus Labs, "The objective of both ransomware (opens in new tab) and nation-state actor operators is to achieve the goal in as short and efficient a time as possible," said Ozarslan. More malware can move laterally within an IT environment. This means that adversaries of all types will need to adapt to the differences in IT environments to succeed in their attempt to exploit them. 

Security teams must continue to evolve their approaches as they face a growing threat from sophisticated malware that is becoming more sophisticated daily. There is a strong correlation between prioritizing attacks that are commonly carried out and being able to defend critical assets better. This is because organizations prioritize techniques that are commonly used. Furthermore, they will be able to guarantee that their attention and resources are focused on the areas where they can have the greatest impact. They will be able to maintain a consistent focus on those areas.