Threat actors get more creative in their attacks
The latest quarterly threat intelligence report from Kaspersky shows that many actors behind advanced persistent threats (APTs) have continued to diversify their toolsets, at times resorting to extremely tailored and persistent tools.
At the same time, though, others have achieved their goals using well-known, time-tested attack methods.
Among the new techniques is an attack that infects the UEFI (Unified Extensible Firmware Interface), making the malware planted on the device exceptionally persistent and extremely hard to remove. Other actors have made use of steganography, including a new method abusing the Authenticode-signed Windows Defender binary.
In many cases toolsets have been updated in order to make them more flexible and less prone to detection. Various multi-stage frameworks, such as the one developed by the MuddyWater APT group, continue to appear in the wild.
"While some threat actors remain consistent over time and simply look to use hot topics such as COVID-19 to entice victims to download malicious attachments, other groups reinvent themselves and their toolsets," says Ariel Jungheit, senior security researcher on the Global Research and Analysis Team at Kaspersky. "The widening scope of platforms attacked, continuous work on new infection chains and the use of legitimate services as part of their attack infrastructure is something we have witnessed over the past quarter. Overall, what this means for cybersecurity specialists is this: defenders need to invest resources in hunting malicious activity in new, possibly legitimate environments that were scrutinized less in the past. That includes malware that is written in lesser-known programming languages, as well as through legitimate cloud services. Tracking actors' activities and TTPs allows us to follow as they adapt new techniques and tools, and thereby prepare ourselves to react to new attacks in time."
The full report is available from the Kaspersky Securelist blog.