
Malware Threat Report 2021

September 2, 2021

This research report provides insights and analysis into threats and privileged account misuse on Windows devices across the globe. This research is from the same BeyondTrust Labs team that publishes the annual Microsoft Vulnerabilities Report.

This report is based on real-world monitoring and analysis of attacks discovered in the wild by the BeyondTrust Labs team between Q1 2020 and Q1 2021, with collaboration from customers and incident response teams using BeyondTrust’s products. In addition to general insights into the threat landscape, the report dives into recurring threat themes and maps out Tools, Techniques, and Procedures (TTPs) against the MITRE ATT&CK® Enterprise Framework.

BeyondTrust Labs explored the 58 techniques that the MITRE ATT&CK Framework lists for Cobalt Strike (threat emulation software): 66% of those techniques either recommend Privileged Account Management, User Account Management, and Application Control as mitigations, or list Administrator / SYSTEM accounts as a prerequisite for the technique to succeed. Controlling privileges and application execution is therefore a key defensive measure against Cobalt Strike and tools/malware with similar capabilities, because it reduces the attack surface and denies both code execution and privileged rights.

KEY FINDINGS

  1. Absent the right protection, malware will disable endpoint security controls and undermine your security investment.
  2. We are observing a growing trend in the use of native tools to perform fileless attacks in the initial stages until a strong foothold and persistence mechanism is established and security controls have been disabled.
  3. The MITRE ATT&CK Framework provides an effective way to distill a wide range of malware strains and cyberattacks into component techniques, which can then be mitigated.
  4. BeyondTrust’s out-of-the-box policies proactively disrupted all 150 different, common attack chains tested in our analysis.
  5. Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats.

Price: FREE

About the Provider

BeyondTrust

TOPICS

cyber threats, Cyberattacks, Malware