BeyondTrust has released its Malware Threat Report 2021, which covers threats and the misuse of privileged accounts on Windows devices worldwide. The report was prepared by the BeyondTrust Labs team and is based on real-world monitoring and analysis of attacks between Q1 2020 and Q1 2021, carried out together with customers and incident response teams that use BeyondTrust solutions. The report also examines recurring threats and sets the tools, strategies, and procedures it identifies against the MITRE ATT&CK® Enterprise framework.
According to the BeyondTrust Malware Threat Report, the MITRE ATT&CK Framework includes 58 techniques for the Cobalt Strike threat emulation software, and the report sets Windows privilege management against 150 current malware variants.
Key report findings:
“For decades, enterprises have made significant investments in security solutions in an attempt to strengthen their cyber defenses,” said James Maude, Lead Cybersecurity Researcher at BeyondTrust.
He added, “Many of these investments have proven to be ineffective, particularly with changes brought on by the pandemic. Security perimeters have dissolved, creating exponential growth in attack surfaces, and rendering network monitoring and firewall technologies less effective. Endpoint privilege management solutions enable enterprises to reduce their attack surfaces while gaining greater control over their digital infrastructure.”
Although ransomware has changed visibly, its essential requirements have stayed quite consistent: executing code and leveraging privileges. Whether an attack hits a single endpoint or is a sophisticated, customised campaign, proactively reducing the attack surface by removing administrative accounts and controlling application execution is extremely effective.
Threat actors are constantly developing and have evolved substantially over the last year. A growing number of privilege attacks and complex malware campaigns leverage new exposures to take advantage of an enterprise's often susceptible front line of defense: your users.
Alongside genuine SaaS software companies, threat actors are moving to Malware-as-a-Service (MaaS), with specialists in areas such as the sale of business credentials, initial access to a target organisation, lateral movement capability, and payload delivery.
Many distinct malware components can now be assembled into a single attack, and a ransomware attack may involve multiple actors, tools, and platforms. Moreover, as threat actors try to maximise organisational disruption and extract the largest possible payments, the ransomware model is also shifting to human-operated attacks on corporations.
Every day brings a steady supply of zero-day threats and emergency patches, along with thousands of malware variants. Defensive measures available through BeyondTrust's privilege management include: