Malware-as-a-Service infections were the biggest threat to organizations in the second half of 2023, according to a new Darktrace report.
The 2023 End of Year Threat Report highlighted the cross-functional adaption of many of the malware strains.
This includes malware loaders like remote access trojans being combined with information-stealing malware.
These malicious tools are particularly dangerous to organizations due to their ability to harvest data and credentials without exfiltrating files, making detection harder.
A prominent example of this was ViperSoftX, an information stealer and RAT malware known to gather privileged information such as cryptocurrency wallet addresses, and password information stored in browsers or password managers.
ViperSoftX was first observed in the wild in 2020, but new strains identified in 2022 and 2023 contain more sophisticated detection evasion techniques and capabilities.
Another example is the Black Basta ransomware, which also spreading the Qbot banking trojan for credential theft.
The report also highlighted an uptick in RaaS attacks in 2023, marking a shift away from conventional ransomware.
It noted that the dismantling of the Hive ransomware group by law enforcement in January 2023 led to an increased proliferation of the ransomware marketplace.
This included the rise of ScamClub, a malvertising actor that spreads fake virus alerts to notable news sites, and AsyncRAT, which has targeted US infrastructure employees in recent months.
Darktrace predicted that more ransomware actors will employ double and triple extortion tactics next year, utilizing the growing availability of multi-functional malware.
The firm said it expects the MaaS and RaaS ecosystems to continue their growth in 2024, further lowering the barrier to entry for cybercriminals.
Darktrace said it had observed threat actors employ other innovative approaches to bypass organizations' defenses last year.
This included increasingly effective email attacks, such as phishing, which aimed to manipulate recipients into giving up sensitive information or downloading malicious payloads.
65% of phishing emails observed by Darktrace last year successfully bypassed Domain-based Message Authentication verification checks, while 58% of these messages passed through all existing security layers.
The researchers believe many attackers are leveraging generative AI tools to craft more convincing phishing campaigns and automate this activity.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 06 Feb 2024 15:40:09 +0000