BeyondTrust discloses Malware Threat Report 2021, revealing dangers and privileged misuse of accounts on Windows devices worldwide



BeyondTrust has released its Malware Threat Report 2021, revealing the dangers of privileged account misuse on Windows devices worldwide. The report was prepared by the BeyondTrust Labs team and is based on real-world monitoring and analysis of attacks between Q1 2020 and Q1 2021, carried out together with customers and incident response teams that use BeyondTrust solutions. It also examines recurring threat themes and maps the tools, techniques, and procedures observed against the MITRE ATT&CK® Enterprise Framework.

The BeyondTrust Malware Threat Report maps the 58 MITRE ATT&CK techniques used by the Cobalt Strike threat emulation software and tests BeyondTrust Privilege Management for Windows against 150 current malware variants.

Key report findings:

  • Without the correct protection in place, malware disables security controls on endpoints and undermines the organisation's investment in security.
  • Initial attacks using native tools are a rising trend that lets an attacker gain a solid foothold by setting up a persistence mechanism once security controls have been deactivated.
  • The MITRE ATT&CK Framework effectively distils a large number of malware strains and cyberattacks into their component techniques, which can then be neutralised.
  • BeyondTrust Privilege Management for Windows, using its out-of-the-box policies, proactively disrupted all 150 of the separate common attack chains evaluated.
  • Removing admin rights and applying application control are two of the most effective security controls for preventing and mitigating the most frequent malware attacks.

“For decades, enterprises have made significant investments in security solutions in an attempt to strengthen their cyber defenses,” said James Maude, Lead Cybersecurity Researcher at BeyondTrust.

He also added, “Many of these investments have proven to be ineffective, particularly with changes brought on by the pandemic. Security perimeters have dissolved, creating exponential growth in attack surfaces, and rendering network monitoring and firewall technologies less effective. Endpoint privilege management solutions enable enterprises to reduce their attack surfaces while gaining greater control over their digital infrastructure.”

Although ransomware has visibly evolved, its essential requirements have stayed the same: the ability to execute code and to leverage privileges. Whether an attack hits a single endpoint or is a sophisticated, customised campaign, proactively reducing the attack surface by removing administrative accounts and controlling application execution is highly effective.

Threat actors are constantly developing their tradecraft and have evolved substantially over the last year. Privilege escalation attacks and complex malware campaigns exploit new exposures to target the often most susceptible line of defence in an enterprise: its users.

Mirroring legitimate SaaS companies, threat actors are moving to a Malware-as-a-Service (MaaS) model, with specialists in several areas such as the sale of business credentials, initial access to a target organisation, lateral movement capabilities, and payload delivery.

Many distinct malware components can now be assembled into a single attack, and a ransomware attack may involve multiple actors, tools, and platforms. Moreover, as threat actors try to maximise organisational disruption and extract the largest possible payments, the ransomware model is also shifting towards human-operated attacks on enterprises.

Every day brings a steady supply of zero-day threats, emergency patches, and thousands of malware variations. Defensive measures provided by BeyondTrust Privilege Management include:

  • Execution and Persistence – Control code and what can execute through allow listing, limiting the attacker's ability to succeed.
  • Privilege Escalation – Without access to a local administrator or other privileged account, the attacker is limited in the systems and data they can reach.
  • Defense Evasion – To evade detection, an attacker needs both the privileges and the ability to execute code in order to tamper with system settings and security tools.
