Malware Trends 2024: Lessons From 2023 – A Detailed Report

As the new year kicks off, it’s time to take a retrospective look at the past year’s malware landscape. Let’s see what the top malware families, types, and Tactics, Techniques, and Procedures (TTPs) used by attackers in 2023 can tell us about what to expect in 2024. Data source and methodology We utiliz...

Jul 02, 2025

Data source and methodology

Top Malware Types in 2023

Loaders, the gateway for more sophisticated malware, remained a significant threat throughout the year.

Their primary function is to download and install malicious payloads onto infected systems, often opening the door for further attacks. The increasing accessibility of loaders and their decreasing price tag will likely make them a persistent threat in 2024.

They are poised to remain a major concern in 2024, particularly as cybercriminals seek to exploit the growing reliance on online banking and e-commerce.

RATs, which grant attackers remote access to and control of infected devices, remained the most versatile type of malware, capable of various malicious activities, from data theft to espionage.

Top Malware Families in 2023

Four of the top five malware families in 2023 were remote access Trojans (RATs), which largely dominated the malware family landscape.

The popularity of the first two can be attributed to several factors, including ongoing developer support, affordable pricing, and a diverse range of malicious capabilities.

Having been in operation for over 8 years, Remcos and AgentTesla are positioned to remain significant threats in 2024.

Operating on a malware-as-a-service (MaaS) model, Redline’s ease of use and affordable subscription make it a preferred choice for cybercriminals worldwide.

Its extensive arsenal, including data theft, keylogging, file exfiltration, and loader functionalities, ensures its continued prominence in 2024.

Top MITRE ATT&CK TTPs in 2023

Attackers frequently mimic legitimate file names to appear trustworthy and avoid detection. Due to its effectiveness and ease of use, this technique will likely remain prevalent in 2024.

T1218.011 is another popular TTP that exploits Rundll32, a legitimate Windows DLL, to execute malicious code, allowing attackers to bypass security measures that typically protect against unsigned code execution. Since it remains a reliable method for executing malicious code without triggering security alerts, it will retain popularity in 2024.

Ranking third with 20,097 detections in Q4, T1059.003 is based on the abuse of the Windows Command Shell to execute commands and scripts on compromised systems.

It is often used to install malware, steal data, and escalate privileges. Its versatility will likely help it sustain its position as a top TTP in 2024.

T1036.003 deserves special attention because, despite coming in sixth place overall, it became a crucial TTP that attackers used in Q3 and Q4 of 2023.

This technique allows attackers to bypass security solutions by renaming system utilities. Having gained traction for the past two quarters, T1036.003 stands a good chance of maintaining its popularity in the early stages of 2024.
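A detection sketch for the renamed-utility technique (T1036.003) described above, added here as an example and not taken from the original report: it compares the file name in each process-creation event with the OriginalFileName from the binary's PE version resource, which Sysmon Event ID 1 records. The watch list, the function name, and the sample events are constructed assumptions.

```python
import ntpath

# Utilities to watch, keyed by the OriginalFileName stored in each binary's
# PE version resource (lowercased). The list is an assumption; extend as needed.
WATCHED = {"cmd.exe", "rundll32.exe", "certutil.exe"}


def find_renamed_utilities(events):
    """Return one finding per event where a watched system utility runs
    under a file name that differs from its embedded OriginalFileName."""
    findings = []
    for ev in events:
        original = (ev.get("OriginalFileName") or "").strip().lower()
        # ntpath parses Windows paths correctly on any analysis host.
        image_name = ntpath.basename(ev.get("Image") or "").lower()
        if original in WATCHED and image_name and image_name != original:
            findings.append({
                "host": ev.get("Computer", "unknown"),
                "image": ev["Image"],
                "really": original,
                "cmdline": ev.get("CommandLine", ""),
            })
    return findings


# Constructed sample events: field names follow Sysmon Event ID 1,
# every value is invented for this example.
SAMPLE_EVENTS = [
    {"Computer": "ws-01", "Image": r"C:\Windows\System32\cmd.exe",
     "OriginalFileName": "Cmd.Exe", "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "ws-02", "Image": r"C:\Users\Public\svc_update.exe",
     "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"svc_update.exe C:\Users\Public\a.dll,Start"},
    {"Computer": "ws-03", "Image": r"C:\ProgramData\notes.exe",
     "OriginalFileName": "Cmd.Exe", "CommandLine": "notes.exe /c dir"},
    {"Computer": "ws-04", "Image": r"C:\Program Files\App\app.exe",
     "OriginalFileName": "app.exe", "CommandLine": "app.exe"},
    {"Computer": "ws-05", "Image": r"C:\Tools\old.exe",
     "OriginalFileName": None, "CommandLine": "old.exe"},
]

if __name__ == "__main__":
    for f in find_renamed_utilities(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['image']} is really {f['really']} ({f['cmdline']})")
```

The check only catches renamed copies of genuine system binaries, so it belongs alongside signature and path checks, not in place of them.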

Source: CybersecurityNews.com
