New “Swiss Army knife” malware packs more capabilities than ever before

Crooks are developing malware capable of increased damage

The days of specialized malware are slowly coming to an end, as modern variants are designed to do many things and carry as many features as possible, new research claims.

A report from Picus Security analyzing more than 550,000 real-world samples found that “Swiss Army knife malware”, multi-purpose strains capable of performing all kinds of actions, is on the rise.

In fact, a third of all the malware analyzed for the report exhibits at least 20 individual Tactics, Techniques, and Procedures (TTPs), the report claims. The average sample leverages 11 TTPs, while one in ten uses as many as 30. Among the most common capabilities are the abuse of legitimate software, lateral movement, and file encryption.

Heavy investing
Mapped to the MITRE ATT&CK adversary behavior framework, Command and Scripting Interpreter (T1059) is the most prevalent technique, observed in almost a third of all malware samples.

Remote System Discovery (T1018) and Remote Services (T1021) have appeared in the report’s top ten for the first time, further strengthening the researchers’ conclusion that malware now abuses tools and protocols built into operating systems (so-called living off the land) to evade detection.

Four of the ten most prevalent ATT&CK techniques identified aid lateral movement inside corporate networks, while a quarter of the samples are capable of encrypting data.
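To make the report’s counting method concrete, here is an added example (not code from Picus, the Red Report or this article) that maps constructed sandbox events to ATT&CK techniques and then works out the same kind of figures: distinct techniques per sample, the share of samples at or above a threshold, and how often each technique appears across the corpus. The ATT&CK IDs are real; the regex rules, sample names, command lines and file paths are simplified assumptions made for this illustration, and a real pipeline would take its mappings from a sandbox or EDR rather than a handful of patterns.

```python
"""Added example: map constructed sandbox events to MITRE ATT&CK techniques
and aggregate them the way a "techniques per sample" study would.

The ATT&CK IDs are real; the detection rules, sample names and events are
simplified, constructed assumptions for this example, not the report's data."""
import re
from collections import Counter
from statistics import mean

# (technique_id, name, event_kind, compiled pattern): simplified assumed rules.
RULES = [
    ("T1059.001", "Command and Scripting Interpreter: PowerShell", "proc",
     re.compile(r"(?i)\bpowershell(\.exe)?\b")),
    ("T1059.003", "Command and Scripting Interpreter: Windows Command Shell", "proc",
     re.compile(r"(?i)\bcmd(\.exe)?\s+/c\b")),
    ("T1033", "System Owner/User Discovery", "proc",
     re.compile(r"(?i)\bwhoami\b")),
    ("T1018", "Remote System Discovery", "proc",
     re.compile(r"(?i)\b(net\s+view|nltest\s+/dclist|arp\s+-a)\b")),
    ("T1021.002", "Remote Services: SMB/Windows Admin Shares", "proc",
     re.compile(r"(?i)(net\s+use\s+\\\\\S+\\[a-z]\$|\bpsexec\b)")),
    ("T1047", "Windows Management Instrumentation", "proc",
     re.compile(r"(?i)\bwmic(\.exe)?\s+/node:")),
    ("T1490", "Inhibit System Recovery", "proc",
     re.compile(r"(?i)\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("T1486", "Data Encrypted for Impact", "file",
     re.compile(r"(?i)\.(locked|encrypted|crypt)$")),
]

# Constructed events: (sample_id, event_kind, detail). "proc" carries a command
# line, "file" a written path. sample-D is benign and fires no rule.
EVENTS = [
    ("sample-A", "proc", r"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
    ("sample-A", "proc", r"net view /domain"),
    ("sample-A", "proc", r"net use \\FILESRV01\C$ /user:corp\svc_backup Pa55w0rd"),
    ("sample-A", "proc", r"psexec.exe \\FILESRV01 -s C:\Users\Public\enc.exe"),
    ("sample-A", "proc", r"vssadmin.exe delete shadows /all /quiet"),
    ("sample-A", "file", r"C:\Users\alice\Documents\Q3-forecast.xlsx.locked"),
    ("sample-B", "proc", r"cmd.exe /c whoami"),
    ("sample-C", "proc", r"nltest /dclist:corp.local"),
    ("sample-C", "proc", r"wmic /node:WS-042 process call create cmd.exe"),
    ("sample-C", "file", r"D:\share\finance\ledger.db.encrypted"),
    ("sample-D", "proc", r"notepad.exe C:\Users\bob\readme.txt"),
]


def map_events(events):
    """Return {sample_id: set(technique_id)}. Samples with no hits are kept,
    because they still count toward the averages."""
    per_sample = {}
    for sample, kind, detail in events:
        hits = per_sample.setdefault(sample, set())
        for tid, _name, rule_kind, pattern in RULES:
            if rule_kind == kind and pattern.search(detail):
                hits.add(tid)
    return per_sample


def technique_prevalence(per_sample):
    """Fraction of samples showing each parent technique. Sub-techniques are
    rolled up, so T1059.001 and T1059.003 both count once as T1059."""
    counts = Counter()
    for hits in per_sample.values():
        counts.update({tid.split(".")[0] for tid in hits})
    total = len(per_sample)
    return {tid: n / total for tid, n in counts.most_common()}


def summarize(per_sample, threshold=20):
    """Per-sample technique counts: mean, maximum and the share of samples at
    or above `threshold` distinct techniques (the report's 20-TTP cut)."""
    sizes = [len(hits) for hits in per_sample.values()]
    return {
        "samples": len(sizes),
        "mean_techniques": mean(sizes),
        "max_techniques": max(sizes),
        "share_at_or_above": sum(s >= threshold for s in sizes) / len(sizes),
    }


if __name__ == "__main__":
    per_sample = map_events(EVENTS)
    for sample, hits in sorted(per_sample.items()):
        print(f"{sample}: {len(hits)} techniques {sorted(hits)}")
    for tid, share in technique_prevalence(per_sample).items():
        print(f"{tid}: seen in {share:.0%} of samples")
    print(summarize(per_sample, threshold=3))
```

Two design points matter for the headline numbers. Counting is done on distinct technique IDs per sample, so a strain that runs PsExec against twenty hosts still scores one lateral-movement technique rather than twenty, which is what “one in ten has 30 TTPs” has to mean for the figure to be comparable across samples. And benign or inert samples stay in the denominator: dropping them would inflate the average.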

Picus’ researchers attribute all of this to heavy investment. Ransomware syndicates are “well-funded”, they said, and happy to re-invest those funds into building even more dangerous malware. Furthermore, advances in the behavior-based detection that defenders use to secure their environments have forced cybercriminals to come up with new techniques.

“The goal of ransomware operators and nation-state actors alike is to achieve an objective as quickly and efficiently as possible,” said Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs. “The fact that more malware can conduct lateral movement is a sign that adversaries of all types are being forced to adapt to differences in IT environments and work harder to get their payday.”

“Faced with defending against increasingly sophisticated malware, security teams must also continue to evolve their approaches. By prioritizing commonly used attack techniques, and by continuously validating the effectiveness of security controls, organizations will be much better prepared to defend critical assets. They will also be able to ensure that their attention and resources are focused in areas that will have the greatest impact.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.