New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.
The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.
The report also shows that, in addition to being more likely to encrypt a target’s data, malware variants in 2021 are increasingly sophisticated and evasive, making them harder to detect and respond to.
In a similar study in 2020, Picus reported that, on average, nine malicious actions were exhibited by a single malware file, a figure which has risen to 11 actions per file in 2021. This year has also seen a spike in malware designed to encrypt a target’s data. The MITRE ATT&CK technique ‘Data Encrypted for Impact’ enters the Red Report top ten for the first time, with one in five malware variants now able to encrypt files.
“Variant has become a word that strikes panic into most people, but security teams have been concerned by the threat of new malware variants for years,” says Dr Süleyman Özarslan, co-founder of Picus Security and VP of Picus Labs. “The 2021 Red Report top ten highlights the proliferation of ransomware and the extent to which attackers continue to vary their approach, including using defense evasion and other sophisticated techniques to achieve their objectives.”
Five of the top ten techniques observed are categorized as ‘Defense Evasion’ tactics. Two-thirds of malware files include at least one such technique, underlining attackers’ determination to avoid detection. In addition, five percent of the malware files analyzed in the report exhibit virtualization/sandbox evasion tactics. These malware variants change their behavior when they detect a virtual machine environment (VME) or sandbox, which helps them evade detection and analysis.
Özarslan concludes, “Only by adopting a threat-centric approach can organizations fully understand how prepared they are to defend against the most common attack techniques and develop the capabilities needed to prevent, detect and respond to them continuously.”
The full report is available from the Picus site.