The most prevalent malware behaviors and techniques
2024-03-20 10:37

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and ensure its persistence.

The analyzed malware samples were most often delivered via malicious email attachments featuring macro-enabled documents, Windows shortcut files, ISO/VHD containers, and MSI installers.

It should not come as a surprise that defense evasion is by far the most common tactic employed by malware, as its effectiveness is contingent upon not getting blocked and/or noticed by security solutions and security teams.

" are associated with code injection, defense tampering, masquerading, and system binary proxy execution," Samir Bousseaden, a detection engineer with Elastic Security Labs, has noted.

Malware is often executed by taking advantage of Windows' default command and scripting languages, though "There has been a slight uptick in the shift towards using other third-party scripting interpreters like Python, AutoIt, Java and Lua."

Bousseaden acknowledged that the malware dataset they analyzed is limited in size, but noted that engineers can still use the findings to improve malware detections.


News URL

https://www.helpnetsecurity.com/2024/03/20/malware-behaviors-techniques/