Picus Security announced the release of its report which is a comprehensive analysis of attacker behavior and highlights the top 10 most widely seen attack techniques over the last 12 months.
In compiling its research, more than 200,000 malware samples were analyzed to identify the behaviors they exhibit. In total, researchers observed 2.2 million malicious actions, which they mapped to the MITRE ATT&CK framework, a widely used knowledge base of adversary tactics and techniques.
The report’s 2021 top ten list of the most common ATT&CK techniques demonstrates how cybercriminals have shifted towards ransomware over the last 12 months. In addition to being more likely to encrypt a target’s data, it shows that malware variants in 2021 are increasingly sophisticated and evasive, making it harder to detect and respond to them.
Malware variants evolving in 2021
The analysis of hundreds of thousands of real-world threat samples were collected from a wide variety of sources, including commercial and open-source threat intelligence services, security vendors, researchers, malware sandboxes, and forums.
“Variant has become a word that strikes panic into most people, but security teams have been concerned by the threat of new malware variants for years,” said Dr Süleyman Özarslan, VP of Picus Security and Picus Labs.
“The 2021 Red Report top ten highlights the proliferation of ransomware and the extent to which attackers continue to vary their approach, including using defense evasion and other sophisticated techniques to achieve their objectives.”
“Only by adopting a threat-centric approach can organizations fully understand how prepared they are to defend against the most common attack techniques and develop the capabilities needed to prevent, detect and respond to them continuously.”
This content was originally published here.