Malware Trends 2024: Lessons From 2023 – A Detailed Report
As the new year kicks off, it's time to take a retrospective look at the past year's malware landscape. Let's look at what the top malware families, types, and Tactics, Techniques, and Procedures (TTPs) used by attackers in 2023 can tell us about what to expect in 2024.
Data source and methodology
We used data from ANY.RUN, a malware analysis sandbox, to gain insights into the cybersecurity threats of 2023. This service analyzes thousands of files and links that users submit worldwide, providing valuable information on emerging and persistent threats.
In Q4 2023 alone, ANY.RUN analyzed over 748,000 files and links, identifying over 210 million indicators of compromise (IOCs).
Try ANY.RUN Yourself with a 14-day Free Trial
More than 300,000 analysts use ANY.RUN, a malware analysis sandbox, worldwide. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior.
Top Malware Types in 2023
In 2023, ANY.RUN detected most malware as three different types, with loaders leading the way and stealers and RATs following.
Loaders, the gateway for more sophisticated malware, remained a major threat throughout the year.
Their primary function is to download and install malicious payloads onto infected systems, often opening the door for further attacks. The growing accessibility of loaders and their decreasing price will likely make them a persistent threat in 2024.
In a notable trend, stealers, which focus on stealing financial information and personal data, became the second most prevalent malware type in 2023, surging significantly in Q4 with 6,662 detections.
They're poised to remain a major concern in 2024, particularly as cybercriminals look to exploit the growing reliance on online banking and e-commerce.
RATs, which grant attackers remote access to and control of infected devices, remained the most versatile type of malware, capable of a wide range of malicious activities, from data theft to espionage.
Despite earning their spot as the most common malware type in Q2, they only ranked #3 in 2023. RATs are expected to become more prevalent in 2024 as attackers continue to exploit their effectiveness for various malicious purposes.
Top Malware Families in 2023
Four of the top 5 malware families in 2023 were remote access Trojans (RATs), largely dominating the malware family landscape.
Remcos (1,385 detections in Q1) and AgentTesla (1,769 detections in Q4) were the two most prevalent examples, closely followed by NjRAT and AsyncRAT.
The popularity of the first two can be attributed to several factors, including ongoing developer support, affordable pricing, and a diverse range of malicious capabilities.
Having been in operation for over 8 years, Remcos and AgentTesla are positioned to remain significant threats in 2024.
However, the title of most popular malicious tool of the year went to the Redline stealer, with the largest number of instances detected by ANY.RUN in Q2.
Operating on a malware-as-a-service (MaaS) model, Redline's ease of use and affordable subscription make it a popular choice for cybercriminals worldwide.
Its wide arsenal, including data theft, keylogging, file exfiltration, and loader functionalities, ensures its continued prominence in 2024.
Top MITRE ATT&CK TTPs in 2023
In Q4, ANY.RUN came across the use of T1036.005 in over 98,500 malicious samples.
Attackers often mimic legitimate file names to appear trustworthy and evade detection. Due to its effectiveness and ease of use, this technique will likely remain prevalent in 2024.
T1218.011 is another popular TTP that exploits Rundll32, a legitimate Windows DLL, to execute malicious code, allowing attackers to bypass security measures that normally protect against unsigned code execution. Because it remains a reliable method for executing malicious code without triggering security alerts, it will likely keep its popularity in 2024.
Ranking third with 20,097 detections in Q4, T1059.003 is based on the abuse of the Windows Command Shell to execute commands and scripts on compromised systems.
It's often used to install malware, steal data, and escalate privileges. Its versatility will likely help it maintain its spot as a top TTP in 2024.
T1036.003 deserves special attention because, despite coming in sixth place overall, it became a key TTP that attackers used in Q3 and Q4 of 2023.
This technique allows attackers to bypass security rules by renaming system utilities. Having gained traction for the past two quarters, T1036.003 stands a good chance of maintaining its popularity in the early stages of 2024.
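The two masquerading techniques described above (T1036.005, mimicking legitimate file names, and T1036.003, renaming system utilities) can both be checked on process-creation telemetry. The Python sketch below is an added example, not part of the original report or of ANY.RUN's tooling; it assumes Sysmon-style events with `Image` and `OriginalFileName` fields, and the watch list, directory baseline and sample events are constructed for illustration.

```python
import ntpath

# Assumed baseline: utilities this check watches and the directories
# they normally run from (a small illustrative list, not exhaustive).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED = {"rundll32.exe", "cmd.exe", "powershell.exe", "certutil.exe"}

def classify(event):
    """Return ATT&CK sub-technique IDs suggested by one process-creation event."""
    image = event["Image"].lower()
    name = ntpath.basename(image)      # file name as it exists on disk
    folder = ntpath.dirname(image)     # directory the process ran from
    original = event.get("OriginalFileName", "").lower()
    hits = []
    # T1036.003: the PE version resource says this is a watched utility,
    # but the file on disk carries a different name.
    if original in WATCHED and original != name:
        hits.append("T1036.003")
    # T1036.005: the file uses a watched utility's name but runs from
    # outside the expected system directories.
    if name in WATCHED and folder not in SYSTEM_DIRS:
        hits.append("T1036.005")
    return hits

# Constructed sample events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe"},
    {"Image": r"C:\Users\Public\update.exe", "OriginalFileName": "RUNDLL32.EXE"},
    {"Image": r"C:\ProgramData\rundll32.exe", "OriginalFileName": "loader.exe"},
]

def scan(events):
    """Map each flagged image path to the techniques it matched."""
    results = {}
    for event in events:
        hits = classify(event)
        if hits:
            results[event["Image"]] = hits
    return results

if __name__ == "__main__":
    for image, techniques in scan(SAMPLE_EVENTS).items():
        print(image, techniques)
```

The same comparison of on-disk name against embedded original name also surfaces renamed copies of Rundll32 or the Command Shell, the utilities behind T1218.011 and T1059.003.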
Source credit : cybersecuritynews.com