2024 Malware Trends: 2023’s Lessons Unleashed

January 18, 2024

TLDR:

  • In 2023, loaders, stealers, and RATs were the most prevalent types of malware.
  • Remote access Trojans (RATs) dominated the malware family landscape in 2023, with Remcos and AgentTesla being the most prevalent.
  • The use of certain MITRE ATT&CK techniques, such as mimicking legitimate file names and exploiting Rundll32, was common in 2023 and is expected to continue in 2024.

As the new year begins, a detailed report on the malware trends of 2023 provides insights into what can be expected in 2024. The report draws on data from ANY.RUN, a malware analysis sandbox that analyzed over 748,000 files and links in Q4 2023. The analysis identified the top malware types, families, and MITRE ATT&CK techniques used by cyber attackers.

In 2023, loaders were the most prevalent type of malware, serving as a gateway for more sophisticated attacks. Stealers, which focus on stealing financial and personal information, became the second most prevalent type, particularly surging in Q4. RATs, which grant remote access and control over infected devices, remained the most versatile type of malware and are expected to grow in prevalence in 2024.

Among the top malware families in 2023 were remote access Trojans (RATs) such as Remcos and AgentTesla. These families have enjoyed popularity due to ongoing developer support, affordable pricing, and a range of malicious capabilities. The Redline stealer, operating on a malware-as-a-service (MaaS) model, was the most popular malicious software of the year, offering a wide range of functionalities.

In terms of MITRE ATT&CK techniques, attackers frequently mimicked legitimate file names to appear trustworthy and avoid detection. Abusing Rundll32, a legitimate Windows utility that loads and runs code from DLLs, was also a common technique for executing malicious code. The abuse of the Windows Command Shell to execute commands and scripts and the renaming of system utilities were also prevalent techniques.
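As an added example (not taken from the report or from ANY.RUN), the sketch below shows how a defender could flag three of these techniques in process-creation telemetry. It assumes events shaped like Sysmon Event ID 1 records with `Image`, `OriginalFileName` and `CommandLine` fields; the binary list, directory lists and sample events are constructed for illustration.

```python
import ntpath

# Assumed baseline: expected locations of a few Windows system binaries.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SYSTEM_BINARIES = {"rundll32.exe", "cmd.exe", "svchost.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def classify(event):
    """Return a sorted list of findings for one process-creation event."""
    image = event["Image"].lower()
    name = ntpath.basename(image)
    folder = ntpath.dirname(image)
    original = event.get("OriginalFileName", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    findings = set()

    # Legitimate file name, wrong location: the name mimics a system binary.
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        findings.add("masquerading-name")
    # PE metadata names a system utility, but the file on disk was renamed.
    if original in SYSTEM_BINARIES and original != name:
        findings.add("renamed-utility")
    # Rundll32 (by file name or PE metadata) pointed at a user-writable path.
    if "rundll32.exe" in (name, original) and any(p in cmdline for p in USER_WRITABLE):
        findings.add("rundll32-user-path")
    return sorted(findings)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"Image": r"C:\Users\alice\AppData\Roaming\svchost.exe", "OriginalFileName": "client.exe",
     "CommandLine": r"svchost.exe"},
    {"Image": r"C:\Users\Public\update.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"update.exe C:\Users\Public\x.dll,Start"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\a.dll,Run"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Image"], "->", classify(ev) or "no findings")
```

In production the binary and directory baselines would come from the organization's own inventory, and findings would be triaged rather than treated as verdicts, since some legitimate software also runs Rundll32 against DLLs in user profile paths.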

Overall, the report provides valuable insights into the evolving landscape of malware and the techniques employed by attackers. It highlights the importance of understanding these trends to stay ahead in the fight against cyber threats.
