NEWS BRIEF
After analyzing more than one million pieces of malware collected in 2024, researchers have discovered that 25% of them target user credentials.
That is three times the number from 2023 and has bumped stealing credentials from password stores into the top 10 techniques listed in the MITRE ATT&CK framework, which accounted for 93% of all malicious cyber activity in 2024.
In “The Red Report 2025” conducted by Picus Security, researchers observed that the attackers are prioritizing “advanced, extended, multi-stage assaults that require a brand new technology of malware to succeed.” In what the researchers dubbed “SneakThief,” threat actors want to revolutionize info-stealing malware, focusing on increased stealth, persistence, and automation.
The researchers add that threat actors likely have their sights set on these malware attributes in order to pull off “the right heist,” adding that most malware samples now have the ability to do so, with more than a dozen malicious actions built in to help bad actors evade defenses, exfiltrate data, and more.
The researchers also report they found no evidence that cybercriminals are using AI-driven malware, and that malware samples on average can complete 14 malicious actions. And of the millions of cybercrime acts seen in 2024, exfiltration and stealth techniques made up 11.3 million.
“Specializing in High 10 MITRE ATT&CK strategies is essentially the most viable technique to cease the kill chain of subtle malware strains as early as potential,” said Volkan Ertürk, CTO and co-founder of Picus. “SneakThief malware is just not an exception; enterprise safety groups can cease 90% of malware by specializing in simply 10 of MITRE’s whole library of strategies.”