Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools now make up the majority of malicious tools in use by attackers, according to a new study.
The report from Darktrace shows malware loaders (77 percent of investigated threats) are the most common tool, followed by cryptominers (52 percent), and botnets (39 percent).
Information-stealing malware accounts for 36 percent of investigated threats, while proxy botnets made up 15 percent.
Darktrace has identified Hive ransomware as one of the major RaaS attacks at the beginning of 2023. With the dismantling of Hive by the US government in January 2023, Darktrace observed the rapid growth of a range of threats filling the void, including ScamClub, a malvertising actor notorious for spreading fake virus alerts to notable news sites, and AsyncRAT, responsible for attacking US infrastructure employees in recent months.
Another new trend is the growth of malware developed with multiple functions to inflict maximum damage. Often deployed by sophisticated groups like cyber cartels, these Swiss Army knife-style threats combine capabilities. For example, the recent Black Basta ransomware also spreads the Qbot banking trojan for credential theft. Such multi-tasking malware lets attackers cast a wide net to monetize infections.
Thanks to the heavy reliance on email and collaboration tools in business, more traditional methods like phishing continue to cause a headache for security teams. Darktrace detected 10.4 million phishing emails across its customer base between the 1st September and the 31st December 2023. Tactics are evolving though, one example being the rise of Microsoft Teams phishing in which attackers contact employees through Teams, posing as a co-worker and tricking them into clicking malicious links.
“Throughout 2023, we observed significant development and evolution of malware and ransomware threats, as well as changing attacker tactics and techniques resulting from innovation in the tech industry at large, including the rise in generative AI. Against this backdrop, the breadth, scope, and complexity of threats facing organizations has grown significantly,” says Hanah Darley, director of threat research at Darktrace. “Security teams face an up-hill battle to stay ahead of attackers, and need a security stack that keeps them ahead of novel attacks, not chasing yesterday’s threats.”
The full End of Year Threat Report is available from the Darktrace site.
Photo Credit: Rawpixel.com/Shutterstock
