As the calendar flips to a new year, it’s essential to reflect on the cyber threats that shaped the past twelve months to better anticipate future cybersecurity challenges. This analysis delves into the predominant malware types, families, and tactics that cybercriminals leveraged in 2023, illuminating trends that may continue or evolve in 2024.
Methodology and Data Analysis
This analysis draws on data from the malware analysis service ANY.RUN, which processes user-submitted files and links from around the globe. The scale of the service's indicator-of-compromise detection is significant: over 748,000 files and links were analyzed and more than 210 million IOCs detected in the final quarter of 2023 alone.
Prevalent Malware Varieties of 2023
The past year saw loaders, stealers, and remote access Trojans (RATs) as the most encountered malware types. Loaders stood out as the primary threat, serving as a bridge for more sophisticated malware attacks. Meanwhile, stealers, which pilfer financial and personal data, surged in prevalence, a trend likely to persist in 2024 as online financial activity grows. RATs, known for their multi-faceted malicious capabilities, rounded out the top three, with indications that their use will expand in the upcoming year.
Key Malware Families in Focus
RATs dominated the malware family scene, with Remcos and AgentTesla leading in detections. Their success is attributable to continuous updates, affordability, and a wide array of malicious functions. Redline stealer, famous for its data theft and loader features, also made significant strides, becoming the most detected malware in the second quarter, thriving on its malware-as-a-service model.
The top tactics, techniques, and procedures (TTPs) outlined by the MITRE ATT&CK framework were also analyzed. The most employed TTP was masquerading: disguising malicious samples under legitimate-looking file names, a method expected to maintain its popularity. Other notable TTPs included the abuse of Rundll32 and the Windows Command Shell, suggesting that attackers will continue to leverage these reliable avenues for their nefarious activities.
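The three TTPs named above (masquerading under legitimate file names, Rundll32 abuse, and Windows Command Shell use) each leave a recognizable footprint in process-creation telemetry. The following is an added example written for this article, not ANY.RUN's own code or detection logic: a small triage script that runs a few defensive heuristics over constructed process-creation events. The event field names (parent, image, cmdline), the sample events, and the heuristics themselves (double-extension names, rundll32 loading a DLL from outside the Windows directory, an Office application spawning a shell) are assumptions chosen for illustration.

```python
import ntpath
import re
from typing import Dict, List

# Heuristic inputs (assumptions for this example, not a complete rule set).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# A document- or image-looking name followed by an executable extension, e.g. invoice.pdf.exe.
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png|zip)\.(exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE,
)

# Constructed sample process-creation events; these are not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c start "" "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.pdf.exe"'},
    {"parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.pdf.exe",
     "cmdline": '"C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.pdf.exe"'},
    {"parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\alice\\AppData\\Roaming\\update.dll,EntryPoint"},
    {"parent": "C:\\Windows\\System32\\svchost.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"},
    {"parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Program Files\\7-Zip\\7zFM.exe",
     "cmdline": '"C:\\Program Files\\7-Zip\\7zFM.exe"'},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def is_double_extension_masquerade(image: str) -> bool:
    """Masquerading heuristic: executable disguised with a document-like name."""
    return DOUBLE_EXT.search(basename(image)) is not None


def rundll32_dll_argument(cmdline: str) -> str:
    """Return the DLL path handed to rundll32 (text before the first comma), unquoted."""
    m = re.match(r'\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s*(.*)$',
                 cmdline, re.IGNORECASE)
    if not m:
        return ""
    rest = m.group(1).strip()
    if not rest:
        return ""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(",", 1)[0].split()[0]


def is_suspicious_rundll32(image: str, cmdline: str) -> bool:
    """Rundll32 heuristic: DLL loaded from outside the Windows directory."""
    if basename(image) != "rundll32.exe":
        return False
    dll = rundll32_dll_argument(cmdline).lower()
    if not dll:
        return True  # assumption: rundll32 with no DLL argument is worth a look
    return not dll.startswith("c:\\windows\\")


def is_office_spawning_shell(parent: str, image: str) -> bool:
    """Command Shell heuristic: an Office process directly launching cmd/powershell."""
    return basename(parent) in OFFICE_PARENTS and basename(image) in SHELLS


def triage(events: List[Dict[str, str]]) -> List[List[str]]:
    """Return, per event, the list of heuristic tags it triggered (empty if benign-looking)."""
    findings = []
    for ev in events:
        tags = []
        if is_double_extension_masquerade(ev["image"]):
            tags.append("masquerade_double_extension")
        if is_suspicious_rundll32(ev["image"], ev["cmdline"]):
            tags.append("rundll32_nonsystem_dll")
        if is_office_spawning_shell(ev["parent"], ev["image"]):
            tags.append("office_spawns_shell")
        findings.append(tags)
    return findings


if __name__ == "__main__":
    for ev, tags in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{basename(ev['image']):20s} parent={basename(ev['parent']):14s} tags={tags}")
```

Run as-is, the script flags three of the five constructed events (the Word-to-cmd launch, the double-extension executable, and rundll32 loading a DLL from a roaming profile) and leaves the system rundll32 call and the 7-Zip launch untagged. Each heuristic is a starting point for a detection rule rather than a finished one; the benign rundll32 event shows why the DLL location, not the mere presence of rundll32, has to carry the decision.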
As cyber threats evolve, ANY.RUN offers a vital resource for over 300,000 analysts worldwide, providing an in-depth look into emerging threats and their mechanisms. The service encourages new users to explore its capabilities with a 14-day free trial, inviting them to join the community’s effort to combat cyber risks.