As strange as it might sound, a single-stage malware attack might be considered almost old-fashioned in the near future. An organization or user can be attacked with relatively straightforward ransomware that immediately threatens a cryptolock on data if payment is not forthcoming. Nowadays, these single-stage malware attacks have been supplemented and sometimes replaced with far more sophisticated multistage attacks that include an initial downloader, the main component of the malware, and additional modules delivered over a period of days, weeks, or more.
However, what used to be advanced has now been commoditized. Multistage attack kits and associated malware is now available either at open source code communities or at malware-as-a-service sites that provide downloads to criminals, rogue nations, and other bad actors.
Trickbot and EmotetRecent examples of commodity multistage malware include Trickbot and Emotet. Trickbot is a banking Trojan that targets users' financial information and can act as a dropper for other malware. An attacker can leverage TrickBot's modules to steal banking information such as passwords and credit card numbers, conduct system and network reconnaissance, and propagate additional malware across networks or other areas.
Emotet, another banking Trojan, is often used in untargeted "watering hole" attacks ─ everyone who goes to the well gets infected. After systems are compromised, attackers will survey the infected system or network to determine what value the target has. The program can then be used to inject code into the networking stack of an infected Microsoft Windows computer, allowing sensitive data to be monitored, corrupted via ransomware, or the access can be sold to a third party depending on the motivations of the attacker and the value of the compro ..
Support the originator by clicking the read the rest link below.
