Malware gets more sophisticated and is more likely to demand a ransom

No Comments
malware alert

New analysis of more than 200,000 malware samples by Picus Security, a pioneer of Breach and Attack Simulation (BAS) technology, looks at attacker behavior over the last 12 months.

The 2021 Red Report highlights the top 10 most widely seen attack techniques and demonstrates how cybercriminals have shifted towards ransomware over the last year.

In addition to being more likely to encrypt a target's data, the report shows that malware variants in 2021 are increasingly sophisticated and evasive, making it harder to detect and respond to them.

In a similar study in 2020, Picus reported that, on average, nine malicious actions were exhibited by a single malware file, a figure which has risen to 11 actions per file in 2021. This year has also seen a spike in malicious malware designed to encrypt a target's data. The MITRE ATT&CK technique 'Data Encrypted for Impact' enters the Red Report top ten for the first time, with one in five malware variants now able to encrypt files.

"Variant has become a word that strikes panic into most people, but security teams have been concerned by the threat of new malware variants for years," says Dr Süleyman Özarslan, co-founder of Picus Security and VP of Picus Labs. "The 2021 Red Report top ten highlights the proliferation of ransomware and the extent to which attackers continue to vary their approach, including using defense evasion and other sophisticated techniques to achieve their objectives."

Five of the top ten techniques observed are categorized as 'Defense Evasion' tactics. Two thirds of malware files include at least one such technique, underlining attackers' determination to avoid detection. In addition five percent of malware files analyzed in the report exhibit virtualization/sandbox evasion tactics. These malware variants can change their behavior in a virtual machine environment (VME) or sandbox, which helps them evade detection and analysis.

Özarslan concludes, "Only by adopting a threat-centric approach can organizations fully understand how prepared they are to defend against the most common attack techniques and develop the capabilities needed to prevent, detect and respond to them continuously."

The full report is available from the Picus site.

Photo Credit: Rawpixel.com/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Vivaldi 6.7 debuts Memory Saver performance booster, expands Feed Reader capabilities

Best Windows apps this week

Addressing digital transformation needs in the public sector [Q&A]

The psychological impact of phishing attacks on your employees

Canonical releases Ubuntu Linux 24.04 LTS 'Noble Numbat'

New tool lets enterprises build their own secure gen AI chatbots

Younger women are going into cybersecurity but more needs to be done

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.