Cyber threats are evolving so rapidly that they now require constant monitoring. Attacks observed during the first quarter of 2019 make it clear that cybercriminals are not only increasing the sophistication of their methods and tools, but that they are also diversifying. Recent attacks use a wide range of strategies, including targeted ransomware, custom coding, living-off-the-land (LoTL) strategies, and exploiting pre-installed tools to move laterally and stealthily across a network to launch or extend an attack.
Another interesting trend is that threat actors are increasingly leveraging existing malware components, such as those offered on Dark Web sites either as open code or as Malware as a Service (MaaS). We are also learning that many attacks leverage common infrastructures, such as domains from which they launch attacks or run C2 services. For instance, nearly 60% of threats shared at least one domain from a handful of web service providers, indicating the majority of botnets not only leverage established infrastructure for distribution, but gravitate towards the same resources.
The degree to which different threats share infrastructure shows some valuable…