Malware that can do anything and everything is on the rise (Security News, February 2023)
"Swiss Army knife" malware, multi-purpose malware that can perform malicious actions across the cyber kill chain and evade detection by security controls, is on the rise, according to Picus Security's analysis of more than 550,000 real-world malware samples gathered from commercial and open-source threat intelligence services, security vendors and researchers, and malware sandboxes and databases.
The average malware sample exhibits 11 different tactics, techniques, and procedures (TTPs).
One-third of samples exhibit more than 20 TTPs, and one-tenth exhibit more than 30. Command and Scripting Interpreter (MITRE ATT&CK T1059) is the most prevalent technique, exhibited by nearly a third of samples.
The appearance of Remote System Discovery (T1018) and Remote Services (T1021) in the company's Red Report for the first time is further evidence of the extent to which malware now abuses built-in operating system tools and protocols to evade detection: discovery and lateral movement carried out with native utilities produce telemetry that looks like routine administration rather than a dropped binary.
This versatility extends beyond raw TTP counts: increasingly, a single sample abuses legitimate software, performs lateral movement, and encrypts files.
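To make the report's per-sample TTP counting concrete, here is an added example; it is not code from Picus Security or from the article. It scores constructed Sysmon-style process-creation events (host plus command line) against a small, hypothetical mapping of command-line patterns to the ATT&CK techniques named above (T1059, T1018, T1021) plus T1490 shadow-copy deletion as the usual precursor to file encryption, then flags hosts whose activity spans several distinct techniques. The hostnames, command lines, regular expressions and the threshold of 3 are all assumptions; the technique IDs are the real ATT&CK identifiers, but the rule set is deliberately narrow.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style process-creation events (Event ID 1 reduced to host and
# command line). Illustrative only; not data from the Picus Red Report.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "ws01", "cmdline": "cmd.exe /c net view /domain"},
    {"host": "ws01", "cmdline": "nltest /dclist:corp.local"},
    {"host": "ws01", "cmdline": 'powershell.exe -c "Invoke-Command -ComputerName fs02 -ScriptBlock { whoami }"'},
    {"host": "ws01", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "ws02", "cmdline": "cmd.exe /c dir C:\\Users"},
    {"host": "ws02", "cmdline": "git pull origin main"},
]

# Hypothetical, simplified mapping of command-line patterns to ATT&CK technique IDs.
# The IDs are the real ATT&CK ones; the patterns cover only a handful of native tools.
RULES = [
    ("T1059", "Command and Scripting Interpreter",
     re.compile(r"\b(powershell|pwsh|cmd|wscript|cscript)(\.exe)?\b", re.I)),
    ("T1018", "Remote System Discovery",
     re.compile(r"(\bnet\s+view\b|\bnltest(\.exe)?\b.*?/dclist|\barp(\.exe)?\s+-a\b)", re.I)),
    ("T1021", "Remote Services",
     re.compile(r"(\bpsexec\b|\bwinrs\b|\bEnter-PSSession\b|\bInvoke-Command\b.*?-ComputerName|\bmstsc\b)", re.I)),
    ("T1490", "Inhibit System Recovery",
     re.compile(r"\bvssadmin(\.exe)?\b.*?delete\s+shadows", re.I)),
]


def classify_event(cmdline: str) -> set[str]:
    """Return the set of ATT&CK technique IDs whose pattern matches one command line.
    A single command line can map to several techniques (e.g. cmd.exe running net view)."""
    return {tid for tid, _name, pattern in RULES if pattern.search(cmdline)}


def techniques_per_host(events) -> dict[str, set[str]]:
    """Accumulate the distinct technique IDs observed on each host across all events."""
    seen = defaultdict(set)
    for event in events:
        seen[event["host"]] |= classify_event(event["cmdline"])
    return dict(seen)


def flag_multipurpose(events, threshold: int = 3) -> list[str]:
    """Sorted list of hosts whose activity spans at least `threshold` distinct techniques.
    The threshold is an assumption for this demo; the report's averages are far higher."""
    return sorted(h for h, t in techniques_per_host(events).items() if len(t) >= threshold)


if __name__ == "__main__":
    names = {tid: name for tid, name, _ in RULES}
    for host, tids in techniques_per_host(SAMPLE_EVENTS).items():
        print(host, len(tids), sorted(f"{t} {names[t]}" for t in tids))
    print("flagged:", flag_multipurpose(SAMPLE_EVENTS))
```

Run as-is, ws01 accumulates four techniques (interpreter, discovery, WinRM lateral movement, shadow-copy deletion) from five ordinary-looking native-tool invocations and is flagged, while ws02's lone cmd.exe usage is not; the point is that no single event on ws01 is conclusive, and the signal only appears when techniques are counted per host or per process tree rather than per event.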
"Some rudimentary types of malware are designed to perform basic functions. Others, like a surgeon's scalpel, are engineered to conduct single tasks with great precision. Now we are seeing more malware that can do anything and everything. This 'Swiss Army knife' malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems, and encrypt data."
News URL
https://www.helpnetsecurity.com/2023/02/14/multi-purpose-malware-on-the-rise/