Security researchers warn that increasingly versatile malware variants are now capable of performing multiple malicious actions across the cyber kill chain.
According to Picus Security's Red Report 2023, the vendor analyzed over 500,000 malware samples last year, identified their tactics, techniques, and procedures (TTPs), and extracted over 5.3 million "actions."
Picus then mapped these actions to the MITRE ATT&CK framework.
The report reveals that the average malware variant currently uses 11 TTPs, or 9 MITRE ATT&CK techniques. According to the report, one-third (32%) use 20 or more TTPs, and one in 10 uses 30 or more.
“Modern malware comes in many forms. Some rudimentary types of malware are designed to perform basic functions. Some are designed to be very precise,” explains Suleyman Ozarslan, co-founder of Picus Security.
"Today, more and more malware can do anything. This 'Swiss Army Knife' malware allows attackers to traverse networks at high speed, undetected, obtain credentials to access critical systems, and exfiltrate or encrypt data."
Highlighting the focus of many of today's threat actors, Picus found that 40% of the most prevalent MITRE ATT&CK techniques it identified were used to aid lateral movement.
These included well-established techniques such as Command and Scripting Interpreter and OS Credential Dumping, as well as techniques that are newer to the list, such as Remote Services, Remote System Discovery, and Windows Management Instrumentation (WMI).
The most common technique in the report's Top 10 list was Command and Scripting Interpreter: abusing legitimate interpreters such as PowerShell, AppleScript, and Unix shells to execute arbitrary commands. This highlights how attackers prefer existing legitimate tools over custom-developed ones, Picus said.
Second on the list is OS Credential Dumping, which attackers use to take over accounts and move laterally. The third, Data Encrypted for Impact, reflects the ongoing threat from ransomware.
“The goal of ransomware operators and nation-state actors is to achieve their objectives as quickly and efficiently as possible. It shows that they are forced to work hard and get paid,” said Ozarslan.
“In the face of increasingly sophisticated malware defenses, security teams must continue to evolve their approach. Prioritize commonly used attack techniques and continuously validate the effectiveness of security controls. By doing so, organizations are better prepared to defend their critical assets.”