
2021 Malware and TTP Threat Landscape

Summary of the report "2021 Malware and TTP Threat Landscape" by our cyber security specialist Simone Fratus



This article of mine is intended as a brief summary of the report "2021 Malware and TTP Threat Landscape", released on 15 March 2022 and available at the following link: https://www.recordedfuture.com/2021-malware-and-ttp-threat-landscape/

In recent days I have had the chance to hold several meetings, and I noticed a certain incredulity among the people I met when I said that Italy ranks 5th worldwide as a target of cyber attacks.

Here are some figures from this report:

Right from the Executive Summary there are important points that reinforce our messages and that were extensively argued in our eBook The Big Game Hunting.

Here are some points I would like to emphasize:

  • In late 2019 and throughout 2020, ransomware emerged as a major threat to larger organizations, which was considered “big game hunting” targeting.

  • The dark web market for credential theft was very successful in 2021 and also contributed to ransomware attacks, as ransomware operators often use compromised credentials for initial access in attacks.

  • Lastly, in an investigation into the top MITRE ATT&CK TTPs throughout 2021, Insikt Group identified the top 5 techniques: T1486 (Data Encrypted for Impact), T1082 (System Information Discovery), T1055 (Process Injection), T1027 (Obfuscated Files or Information), T1005 (Data from Local System).

  • Continued government and private sector intervention and pressure has successfully disrupted some ransomware groups. Several major ransomware groups have shut down operations, including Avaddon, REvil, DarkSide, and BlackMatter; however, after operations were shut down, we regularly saw affiliates who were associated with those groups shift to Conti and LockBit, which have contributed to their becoming the most active ransomware-as-a-service (RaaS) platforms this year.

  • The market for credential theft was successful in 2021 and contributed to ransomware attacks. While ransomware operators used several methods for initial access in attacks, compromised credentials were regularly exploited to obtain network access.

  • According to Recorded Future data, the top 5 trending MITRE ATT&CK techniques in 2021 were T1486 (Data Encrypted for Impact), T1082 (System Information Discovery), T1055 (Process Injection), T1027 (Obfuscated Files or Information), and T1005 (Data from Local System). These techniques span across 5 stages of an attack: Discovery, Privilege Escalation, Defense Evasion, Collection, and Impact; 2 of the techniques are classified under Defense Evasion.


Those who have had the chance to attend our meetings will surely find these notes of mine on the report interesting.