Malware authors leverage more attack techniques that enable lateral movement
CSO Online – Lucian Constantin
A new study of over half a million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent techniques, as defined by the MITRE ATT&CK framework, that were identified in the dataset aid lateral movement, including three new ones that rose into the top 10.
The most prevalent MITRE ATT&CK technique observed was abuse of command and scripting interpreters, used by 31% of the malware samples. The second most common technique observed was OS Credential Dumping, which falls under the Credential Access tactic, with a prevalence of 25% of the malware samples analyzed. According to Picus, this technique has risen in popularity since 2021, when it occupied rank 5 in the top 10 most commonly used techniques.
The third technique, seen in 23% of malware samples, was data encrypted for impact. Fourth was process injection, observed in 22% of malware; it includes 12 other sub-techniques that allow the injection of malicious files, modules, or code into running processes.
The fifth most common technique observed by Picus was system information discovery, rising from rank 9 in 2021. This technique was observed in 20% of the analyzed malware samples, and it also applies to cloud and virtualized environments, using the APIs those cloud services provide.
In sixth place was a new entry into the top 10: remote services. This technique was observed in 18% of malware and, as previously noted, falls under the Lateral Movement tactic, because it enables attackers to access other systems, not just from the internet but also on local networks, through a variety of protocols.
In seventh place we have the Windows Management Instrumentation (WMI) technique, another new entry in the top 10 for 2022 that falls under the Execution tactic. The eighth most common technique is the abuse of the scheduled tasks/jobs mechanisms in various operating systems, which also falls under the Execution tactic. At number 9 we have the virtualization and sandbox evasion technique, which was observed in 9% of malware and enables the Defense Evasion tactic. Finally, at rank 10 we have another new top 10 entry that enables lateral movement: remote system discovery.
Link: https://www.csoonline.com/article/3688568/malware-authors-leverage-more-attack-techniques-that-enable-lateral-movement.html