The days of specialized malware are slowly coming to an end as modern variants are designed to do many things and have as many features as possible, according to new research.
A report by Picus Security, which analyzed more than 550,000 real samples, found that the number of “Swiss Army Knives” – versatile strains capable of doing all sorts of things – is on the rise.
The report claims that a third of all malware analyzed contains at least 20 individual tactics, techniques and procedures (TTPs). The average sample uses 11 TTPs, while one in ten has as many as 30. Among the most common capabilities are misuse of legitimate software, lateral movement and file encryption.
Heavy investments
Mapped against the MITRE ATT&CK adversary behavior framework, Command and Scripting Interpreter is the most common ATT&CK technique, seen in almost a third of all malware samples.
Remote System Discovery and Remote Services appeared in the report’s top 10 for the first time, further supporting the researchers’ conclusion that malware now abuses tools and protocols built into operating systems to evade detection.
Four of the 10 most commonly identified ATT&CK techniques are used to support lateral movement in corporate networks, and a quarter enable data encryption.
All of this has been made possible, Picus researchers found, through heavy investment. Ransomware syndicates are “well-funded,” they said, and are keen to reinvest those funds into creating even more dangerous malware. In addition, advances in the behavior-based detection methods defenders use to secure their environments have forced cybercriminals to develop new techniques.
“The purpose of ransomware for both operators and nation-state entities is to achieve the goal as quickly and efficiently as possible,” said Dr. Suleyman Ozarslan, co-founder of Picus Security and vice president of Picus Labs. “… mean that opponents of all kinds are forced to adapt to differences in IT environments and work harder to get paid.”
“Faced with defending against increasingly sophisticated malware, security teams must also constantly evolve their approach. By prioritizing common attack techniques and continuously reviewing security effectiveness, organizations will be much better prepared to defend critical assets. They will also be able to ensure that their attention and resources are focused on the areas that will have the greatest impact.”