Positive Technologies: Top 10 techniques used by malware to attack businesses in Russia

The study found that 60% of attacks were carried out using malware.

The study showed that in 2023, malware became the main method of attacking companies' infrastructure, accounting for 60% of all cases. According to Positive Technologies experts, attackers most often use email to deliver malicious programs, hiding them in archived files. Once these programs reach a device, they usually use legitimate operating system functions to perform reconnaissance, bypass security controls, and establish persistence in the infrastructure.

The analysis of malware distributed in Russia allowed us to identify the ten most popular techniques according to MITRE ATT&CK. The most common technique is Application Window Discovery, where malware tries to get a list of open application windows in order to collect information about security tools and find valuable confidential data. In the second technique, Impair Defenses, the malware modifies components of the victim's infrastructure, which can disrupt the operation of security tools and their mechanisms. Experts concluded that malicious programs often use legitimate operating system functions to conduct reconnaissance on a compromised device, perform malicious actions, and weaken security. The third most popular technique is Virtualization/Sandbox Evasion: using various checks, the malware determines which environment it is running in and, when it detects an analysis environment, changes its behavior in order to hide its malicious functionality.

The most common type of malware is ransomware (encryptors), which accounted for 57% of cases in 2023. The most frequent victims of such attacks were medical institutions (18%), scientific and educational organizations (14%) and industrial enterprises (12%). Spyware has also become more popular: its share in 2023 increased from 12% to 23%. Among spyware programs, FormBook and Agent Tesla are the leaders.

Email remains the main malware delivery channel: 57% of attacks started with phishing emails. To increase the success of their campaigns, attackers disguise messages as legitimate ones and play on people's emotions. For example, they mark messages as urgent or send notifications about undelivered emails that may arouse curiosity. Positive Technologies experts also found one client sending out emails under the guise of a claim demanding a refund.

Attackers usually deliver the payload as a file attached to the message: such campaigns account for 56% of incidents. Most often, cybercriminals distribute malicious programs in archives with the extensions .zip, .rar, .7z and others (37%). This method lets attackers disguise malicious programs as legitimate documents or images and hide them from security tools. Links in the body of emails are also frequently used (43%), downloading malware in the background. In order to remain undetected, cybercriminals can, for example, perform several consecutive redirects from one resource to another, or attach a QR code to the email that conceals the malicious URL.
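As an added example (not from the Positive Technologies report), the check below shows how a mail gateway can triage the archive attachments the report describes: it lists the members of a ZIP attachment and flags executables wearing a decoy document or image extension (for instance "invoice.pdf.exe"), while .rar and .7z attachments, which the standard library cannot open, are routed to review rather than allowed. The extension sets and verdict names are assumptions for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Archive types the report names as the most common malware carrier (assumed set).
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}
# Member extensions that should never arrive inside a "document" or "image" archive (assumed set).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".dll", ".hta", ".ps1"}
# Decoy extensions used to make an executable look like a document or picture (assumed set).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def suspicious_members(archive_bytes: bytes) -> list[str]:
    """Return ZIP member names that look like disguised executables.

    Member names can be listed even for password-protected ZIPs, so an
    encrypted archive still yields findings without needing the password.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes:
                continue  # directory entry or extensionless file
            if suffixes[-1] in EXECUTABLE_EXTENSIONS:
                # "invoice.pdf.exe": decoy document extension in front of the real one
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS
                findings.append(f"{name}: executable member" + (" with decoy extension" if decoy else ""))
    return findings


def classify_attachment(filename: str, content: bytes) -> str:
    """Verdict for one attachment: 'block', 'review' or 'allow' (names are assumed)."""
    ext = PurePosixPath(filename).suffix.lower()
    if ext == ".zip":
        try:
            return "block" if suspicious_members(content) else "review"
        except zipfile.BadZipFile:
            return "review"  # malformed or unreadable archive: hand to an analyst, never auto-allow
    if ext in ARCHIVE_EXTENSIONS:
        return "review"  # .rar / .7z cannot be opened here; still never auto-allow
    return "allow"


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Constructed fixture: an in-memory ZIP with the given members (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Even a clean-looking ZIP only reaches "review" here, because the report's point is that archives are the preferred disguise and a name check alone is not proof of safety.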

To protect your company's infrastructure from malware, you must meet basic cybersecurity requirements: don't click on suspicious links, use strong passwords, and enable two-factor authentication. It is also important to deploy information security products for comprehensive protection and to verify their effectiveness.