Malware as a Service is now the biggest threat to organizations

esteria.white

Malware-as-a-Service (MaaS) infections posed the biggest threat to organizations in the second half of 2023, according to a new report from Darktrace.

The End of Year Threat Report 2023 highlighted the cross-functional adaptation of many malware strains. This includes malware loaders such as Remote Access Trojans (RATs) being combined with information-stealing malware.

Through reverse engineering and detection analysis, Darktrace researchers noted that “malware strains are progressively developed with a minimum of two functions and are interoperable with a greater number of existing tools.”

These malicious tools are particularly dangerous for organizations because of their ability to harvest data and credentials without exfiltrating files, making detection more difficult.

A prominent example is ViperSoftX, an information stealer and RAT malware known to collect privileged information such as cryptocurrency wallet addresses and password information stored in browsers or password managers.

ViperSoftX was first observed in the wild in 2020, but new strains identified in 2022 and 2023 contain more sophisticated detection evasion techniques and capabilities.

Another example is the Black Basta ransomware, which also spreads the Qbot banking Trojan for credential theft.

The most common MaaS tools observed in the threats studied during the period July to December 2023 were:

  • Malware Loaders (77%)
  • Cryptominers (52%)
  • Botnets (39%)
  • Information-stealing malware (36%)
  • Proxy botnets (15%)

Continued transition to Ransomware-as-a-Service (RaaS)

The report also highlighted an increase in RaaS attacks in 2023, marking a move away from conventional ransomware.

It noted that the dismantling of the Hive ransomware group by law enforcement in January 2023 has led to increased proliferation of the ransomware market. This includes the rise of ScamClub, a malvertising actor that distributes fake virus alerts to notable news sites, and AsyncRAT, which has targeted U.S. infrastructure workers in recent months.

Darktrace predicts that more ransomware actors will employ double and triple extortion tactics next year, using the increasing availability of multifunctional malware.

The company said it expects the MaaS and RaaS ecosystems to continue growing in 2024, further lowering the barriers to entry for cybercriminals.

Attackers using AI in phishing campaigns

Darktrace said it observed last year that threat actors were employing other innovative approaches to circumvent organizations’ defenses.

This included increasingly effective email attacks, such as phishing, that aimed to manipulate recipients into divulging sensitive information or downloading malicious payloads.

For example, 65% of phishing emails observed by Darktrace last year successfully bypassed Domain-based Message Authentication, Reporting and Conformance (DMARC) verification checks, while 58% of these messages passed through all existing security layers.

Researchers believe that many attackers are leveraging generative AI tools to create more convincing phishing campaigns and automate this activity.

Hanah Darley, Director of Threat Research at Darktrace, commented: “Throughout 2023, we have seen significant development and evolution in malware and ransomware threats, as well as a shift in tactics and attacker techniques resulting from innovation in the technology industry as a whole, including the increase in the number of threats. Generative AI.

“Against this backdrop, the scale, scope and complexity of the threats organizations face have increased significantly.”