With the number of attacks rising throughout 2020 and 2021, researchers have noted another trend: "Malware as a Service" and partnerships between groups intended to raise the odds of a successful operation. As Emotet attacks grew in 2020 and 2021, Emotet would often serve only as the initial infection, with TrickBot and then Ryuk used for later stages of the attack. Separating these roles gives each group time to focus on refining its own part of the chain instead of having to develop and maintain the remaining phases itself. FIN6 and TrickBot were observed working together beginning in mid-2020, using TrickBot's framework to drop a backdoor created by FIN6, which established persistence and a means for data exfiltration. As attackers pick up the pace, APT groups willing to use malware written by third-party developers trade stealth for ease of access: malware that has already been observed in the wild is documented and tracked, which makes it easier to detect.
Analyst Notes
While this model seems to give attackers greater operational capability, it can also result in a lack of innovation, which in turn leads to more frequent detection and prevention. Enterprises with solid security teams are just as capable of stopping these threats. Security Operations Centers keep an eye on day-to-day operations, while Intelligence Teams and Threat Hunters actively track the activity of these groups and identify compromises, mitigating the impact of an attack. When in-house operations are not a viable choice, Binary Defense offers these services to fill that gap.