New “Swiss Army Malware” can develop more threats than ever before

The days of specialized malware are slowly coming to an end, as modern variants are being designed to be able to do many things and carry as many features as possible, new research has claimed.

A report from Picus Security analyzing more than 550,000 real-world samples found that “Swiss Army knife malware” – multi-purpose strains capable of performing all kinds of actions, is on the rise. 

In fact, a third of all of the malware analyzed for the report carries at least 20 individual Tactics, Techniques, and Procedures (TTP), the report claims. The average malware leverages 11 TTPs, while one in ten has as many as 30 TTPs. Among the most common features are the abuse of legitimate software, lateral movement, and file encryption. 

Heavy investing

As per the MITRE ATT&CK adversary behavior framework, command and scripting interpreter is the most prevalent ATT&CK technique, observed in almost a third of all malware samples. 

Remote System Discovery and Remote Services have appeared in the research paper’s top ten for the first time, further strengthening the researchers’ conclusion that malware can now abuse built-in tools and protocols in operating systems to evade detection.

Four out of 10 of the most prevalent ATT&CK techniques identified are used to aid lateral movement inside corporate networks, while a quarter are capable of encrypting data.

All of these things have been made possible, Picus’ researchers found, through heavy investing. Ransomware syndicates are “well-funded”, they said, and they’re happy to re-invest those funds back into building even more dangerous malware. Furthermore, advancements in behavior-based detection methods that the defenders use to keep their premises secure have forced cybercriminals into coming up with new solutions.  

“The goal of ransomware operators and nation-state actors alike is to achieve an objective as quickly and efficiently as possible,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs.. “The fact that more malware can conduct lateral movement is a sign that adversaries of all types are being forced to adapt to differences in IT environments and work harder to get their payday.”

“Faced with defending against increasingly sophisticated malware, security teams must also continue to evolve their approaches. By prioritizing commonly used attack techniques, and by continuously validating the effectiveness of security controls, organizations will be much better prepared to defend critical assets. They will also be able to ensure that their attention and resources are focused in areas that will have the greatest impact.”

Go to Source