The H1 2024 Malware and Vulnerability Trends Report details how threat actors sharpen their techniques to exploit zero-day vulnerabilities, push infostealer malware to the forefront, and intensify Magecart attacks. It urges organizations to strengthen patch management, deploy behavioral detection, and bolster e-commerce security to counter evolving threats. #LummaC2 #Magecart #IvantiSecureConnect #PANOS #MicrosoftSmartScreen
Key points
- Zero-day vulnerabilities: Attackers exploited remote access vulnerabilities despite patches.
- Infostealer malware: LummaC2 became prevalent, targeting credentials and sensitive data.
- Ransomware evolution: Groups like Fog, RansomHub, and 3AM adopted tactics such as password validation to hinder analysis, with the loaders GuLoader and Remcos frequently appearing in their attack chains.
- Magecart attacks surge: Magecart attacks targeting e-commerce platforms increased by 103%, with tools like Sniffer by Fleras and platforms like Adobe Commerce involved.
- Protection strategies: Patch management, advanced detection, employee education, and stronger e-commerce security are recommended.
MITRE Techniques
- [T1003] Credential Dumping – Infostealers harvest credentials and sensitive information for financial gain.
- [T1210] Exploitation of Remote Services – Attackers exploit vulnerabilities in remote access software like Ivanti Secure Connect and PAN-OS.
- [T1486] Data Encrypted for Impact – Ransomware groups encrypt data to demand ransom, using techniques to hinder analysis.
- [T1100] Web Shell – Magecart attacks inject malicious code into e-commerce sites to steal customer data.
Indicators of Compromise
- [Malware] LummaC2 and RedLine – Infostealers dominate the malware landscape; LummaC2 became the most active, targeting credentials and personal data. GuLoader and Remcos are used as loaders in attack chains.
- [Remote Access Software] Ivanti Secure Connect and PAN-OS – Vulnerabilities in remote access software exploited by attackers.
- [Software/Defense] Microsoft Windows SmartScreen – Vulnerabilities in SmartScreen were among the top exploited vulnerabilities in H1 2024.
- [Attack Vector] Magecart and Sniffer by Fleras – Magecart attacks surged; Sniffer by Fleras used as an e-skimming tool to steal payment data.
- [Threat Actors] Fog, RansomHub, 3AM – Ransomware groups evolving tactics to hinder analysis and evade detection.
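The report's Magecart findings and its call for stronger e-commerce security are only stated at a high level above. The following script is an added example, not code from the Recorded Future report, of one concrete defender-side check: auditing a checkout page's `<script>` tags for scripts loaded from origins outside an allowlist, cross-origin scripts that lack Subresource Integrity, and inline scripts carrying common obfuscation markers. The allowlist, the page origin `https://shop.example`, and the sample HTML are all constructed for illustration.

```python
"""Audit a checkout page's <script> tags for Magecart-style injection risk.

Added example, not from the Recorded Future report. The allowlist, page
origin and sample HTML are constructed; the check is meant to run in CI
or on a periodic fetch of the shop's own pages.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: origins the shop knowingly loads scripts from.
ALLOWED_ORIGINS = {"https://shop.example", "https://cdn.example"}
PAGE_ORIGIN = "https://shop.example"

# Substrings that frequently appear in obfuscated inline skimmers.
OBFUSCATION_MARKERS = ("atob(", "unescape(", "eval(", "fromCharCode")


class ScriptCollector(HTMLParser):
    """Collect every <script> tag with its attributes and any inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._open = None  # the <script> currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = {"attrs": dict(attrs), "body": ""}

    def handle_data(self, data):
        # HTMLParser delivers script bodies as raw data (CDATA mode).
        if self._open is not None:
            self._open["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None


def audit_scripts(html, allowed_origins=ALLOWED_ORIGINS, page_origin=PAGE_ORIGIN):
    """Return a list of (severity, reason, detail) findings for one page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    default_scheme = urlsplit(page_origin).scheme
    findings = []
    for script in parser.scripts:
        attrs, body = script["attrs"], script["body"].strip()
        src = attrs.get("src")
        if src is None:
            # Inline script: skimmers are often dropped inline, usually obfuscated.
            if any(marker in body for marker in OBFUSCATION_MARKERS):
                findings.append(("high", "inline script with obfuscation markers", body[:60]))
            else:
                findings.append(("info", "inline script present", body[:60]))
            continue
        parts = urlsplit(src)
        if parts.netloc:
            # Protocol-relative URLs ("//cdn...") inherit the page's scheme.
            origin = f"{parts.scheme or default_scheme}://{parts.netloc}"
        else:
            origin = page_origin  # relative path, served by the shop itself
        if origin not in allowed_origins:
            findings.append(("high", "script from unexpected origin", src))
        elif origin != page_origin and "integrity" not in attrs:
            findings.append(("medium", "cross-origin script without SRI integrity", src))
    return findings


# Constructed sample: a checkout page with one expected and several suspect scripts.
SAMPLE_CHECKOUT_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.example/analytics.js"></script>
<script src="https://static-metrics.example/checkout.js"></script>
<script>var checkoutStep = 1;</script>
<script>document.addEventListener('submit', function (e) { fetch(atob('Y29uc3RydWN0ZWQ='), {method: 'POST'}); });</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for severity, reason, detail in audit_scripts(SAMPLE_CHECKOUT_HTML):
        print(f"[{severity}] {reason}: {detail}")
```

Run against the constructed page this yields four findings: a medium for the allowlisted CDN script that lacks an `integrity` attribute, a high for the script served from an origin not on the allowlist, an info for the benign inline script, and a high for the inline script that decodes its target with `atob(`. In practice the allowlist should mirror the site's Content Security Policy `script-src` directive so that the audit and the browser-enforced policy cannot drift apart.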
Read more: https://www.recordedfuture.com/research/h1-2024-malware-and-vulnerability-trends-report