Darktrace, a cybersecurity AI provider, has released its End of Year Threat Report for the second half of 2023. The report is based on data from its entire customer base and covers developments in multi-functional malware, loaders, ViperSoftX and phishing emails.
According to Darktrace's analysis, the most commonly observed threat type in the second half of 2023 was Malware-as-a-Service (MaaS), which together with Ransomware-as-a-Service (RaaS) made up the majority of the malicious tools used in the observed cyberattacks. Because of high demand and recurring subscription revenue, Darktrace expects the MaaS and RaaS ecosystems to keep growing and to remain the biggest threats in 2024. All results of the analysis are based on insights collected by Darktrace's self-learning AI.
One malware for everything
Malware is no longer tailored to a single action or task. It has evolved to perform several activities at once, like a Swiss Army knife. Multi-functional malware will keep evolving and pose a growing problem for security teams because of its adaptability and versatility: it lets attackers carry out a range of malicious activities more efficiently and shorten the time they need to spend inside a compromised network, which in turn reduces the likelihood of detection. Anomaly detection, rather than signatures for a fixed behaviour, becomes critical for organizations that want to stay ahead of such threats.
A current example of multi-functional malware is CyberCartel. This Latin American hacking group has been active since 2012 and is known to make use of MaaS offerings from other malware strains, such as the Fenix botnet. The Darktrace Threat Research Team identified around 40 customer networks potentially affected by CyberCartel. By combining features from different strains and using a shared C2 infrastructure, CyberCartel can distribute its malware and steal information efficiently. This blending also makes it difficult to determine which malware component is responsible for the activity observed in a given affected organization.
The door openers
Loaders often open the door into corporate networks and were the most frequently observed threat category within the MaaS and RaaS activity Darktrace analyzed in the second half of 2023. They were involved in 77 percent of the attacks examined, followed by cryptominers (52 percent), botnets (39 percent), information-stealing malware (36 percent) and proxy botnets (15 percent). The percentages add up to more than 100 because an affected customer was counted under every threat type for which an infection was seen, so one customer can appear in several categories.
First-access malware such as loaders and information stealers will remain among the biggest threats to organizations. They are often interoperable, flexible MaaS tools. Darktrace frequently observes them collecting data and credentials for initial access without transferring any files; the collected data is then often sold. Given the rising value of data in the cyber threat market, first-access MaaS tools remain an important issue for security teams. In addition, loaders enable the second- and third-stage payloads of an attack, including ransomware.
Password thief avoids detection
ViperSoftX is an example of widely distributed first-access malware. This information stealer and remote access trojan (RAT) collects sensitive information such as cryptocurrency wallet addresses and passwords stored in browsers or password managers, which facilitates follow-on attacks. It is usually distributed via cracked software downloads from suspicious domains, torrent downloads and key generators from third-party sites.
The malware was first observed in the wild in 2020, but new strains that emerged in 2022 and 2023 use more sophisticated techniques to evade detection, including stronger encryption of its payloads and traffic and monthly rotation of its command and control (C2) servers. Current versions also use DLL (Dynamic-Link Library) sideloading to execute, and they install a malicious browser extension called VenomSoftX that works as an independent information stealer.
Phishing emails still dangerous
Darktrace/Email detected 10.4 million phishing emails between September 1 and December 31, 2023. Of these, 65 percent passed DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication. A DMARC pass is not a bypass of the check and does not mean a message is legitimate: it only shows that SPF or DKIM aligned with the domain in the From header, which an attacker achieves by sending from a domain they registered and configured themselves or from a compromised mailbox. That so many phishing emails arrive with valid authentication indicates that attackers are investing in looking legitimate rather than spoofing domains they do not control. The fact that only 42 percent of phishing emails were detected by major email providers such as Microsoft and Google shows gaps in conventional security measures.
Novel social engineering techniques such as QR codes in emails are designed to trick recipients into revealing sensitive information such as login details and banking information, or into downloading malicious files. More than a quarter of the phishing emails observed contained a large amount of text, which points to more effort being invested in sophisticated campaigns; attackers may also use generative AI tools to automate social engineering.
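To make the DMARC point concrete, the following added example (written for this page, not Darktrace code) parses the Authentication-Results header of a few constructed messages and separates "DMARC failed" from "DMARC passed but the sender is not a domain we trust", which is the case the report's 65 percent figure describes. The sample headers, the trusted-domain list and the lookalike heuristic are all assumptions made up for the illustration.

```python
"""Triage phishing candidates by what a DMARC result does and does not prove.

Added example, not Darktrace code. Every header value, the TRUSTED_DOMAINS set
and the lookalike heuristic below are constructed for illustration.
"""
import email
import re
from email.utils import parseaddr

# Constructed: domains this organisation treats as known, expected senders.
TRUSTED_DOMAINS = {"example.com", "partner.example"}

# Constructed sample messages; none of these headers come from the report.
SAMPLES = {
    # Attacker-registered lookalike domain with correct SPF, DKIM and DMARC
    # records: the message authenticates perfectly and still is phishing.
    "attacker_domain_passes": (
        "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-com-billing.net;"
        " dkim=pass header.d=example-com-billing.net; dmarc=pass header.from=example-com-billing.net\r\n"
        "From: Accounts <billing@example-com-billing.net>\r\n"
        "Subject: Invoice overdue\r\n\r\nPay now.\r\n"
    ),
    # Classic spoof of a trusted domain without its DKIM key: DMARC fails.
    "spoofed_trusted_domain": (
        "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.com;"
        " dkim=none; dmarc=fail header.from=example.com\r\n"
        "From: IT Helpdesk <it@example.com>\r\n"
        "Subject: Password expiry\r\n\r\nReset here.\r\n"
    ),
    # Genuine mail from a partner.
    "legitimate_partner": (
        "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=partner.example;"
        " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\r\n"
        "From: Alice <alice@partner.example>\r\n"
        "Subject: Meeting\r\n\r\nSee you Tuesday.\r\n"
    ),
}

# Matches "spf=pass", "dkim=none", "dmarc=fail" style result tokens.
_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def parse_auth_results(values):
    """Collapse one or more Authentication-Results headers into {method: result}.

    The first result seen for each method wins; the receiving MTA's own stamp
    is normally the topmost header, so it takes precedence over forwarded ones.
    """
    results = {}
    for value in values:
        for method, result in _RESULT_RE.findall(str(value)):
            results.setdefault(method.lower(), result.lower())
    return results


def looks_like(domain, trusted):
    """Constructed heuristic: the first label of a trusted domain embedded in
    the first label of an untrusted one (example-com-billing.net vs example.com).
    Returns the trusted domain it resembles, or None."""
    left = domain.split(".")[0]
    for candidate in sorted(trusted):
        label = candidate.split(".")[0]
        if label != left and label in left:
            return candidate
    return None


def classify(raw_message):
    """Return a triage verdict for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get_all("Authentication-Results", []))
    if auth.get("dmarc", "none") != "pass":
        # SPF/DKIM did not align with the From domain: the classic spoof.
        return "unauthenticated"
    if from_domain in TRUSTED_DOMAINS:
        return "authenticated-trusted"
    lookalike = looks_like(from_domain, TRUSTED_DOMAINS)
    if lookalike:
        # Valid DMARC only proves the attacker controls this domain.
        return f"authenticated-lookalike-of-{lookalike}"
    return "authenticated-unknown-sender"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify(raw)}")
```

The verdict that matters operationally is the "authenticated-lookalike" or "authenticated-unknown-sender" one: a mail gateway that treats dmarc=pass as a reason to lower suspicion lets exactly these messages through, so authentication results should feed a sender-reputation or anomaly decision rather than end it.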
More at Darktrace.com
About Darktrace
Darktrace, a global leader in artificial intelligence for cybersecurity, protects businesses and organizations from cyberattacks with AI technology. Darktrace's technology registers atypical traffic patterns that indicate possible threats and in doing so recognizes novel and previously unknown attack methods that other security systems overlook.