Malware is proliferating, but detection measures bear fruit: Mandiant
2023-04-20 16:14

Threat groups are on the rise, and Google Cloud's cyberdefense unit Mandiant is tracking 3,500 of them, with 900 added last year, including 265 first identified during Mandiant's investigations in 2022.

The study, based on Mandiant Consulting investigations of targeted attack activity between Jan. 1 and Dec. 31, 2022, found an increasing number of new malware families.

The most common malware family Mandiant identified in investigations last year was BEACON, found in 15% of all intrusions it investigated. Mandiant said the malware has been deployed by groups aligned with China, Russia and Iran; financial threat groups; and over 700 UNCs.

"Mandiant has investigated several intrusions carried out by newer adversaries that are becoming increasingly savvy and effective," said Charles Carmakal, CTO Mandiant Consulting at Google Cloud, adding that the actors use data from underground cybercrime markets to run social engineering campaigns aimed at moving laterally into enterprise networks.

Mandiant investigations uncovered an increased prevalence in both the use of widespread information stealer malware and credential purchasing in 2022 when compared to previous years.

Among the groups targeting major corporations with high-profile attacks were Lapsus, which Mandiant tracks as UNC3661, and another that Mandiant labeled UNC3944.
