Picus Security Finds 3X Increase in Malware Targeting Password Stores
04 February 2025 - 11:04AM
Analysis of over 1 million malware samples shows just 10 MITRE ATT&CK techniques accounted for 93% of all malicious actions in 2024
SAN FRANCISCO, Feb. 04, 2025 (GLOBE NEWSWIRE) -- Picus Security, the leading security validation company, today released The Red Report™ 2025. Based on an in-depth analysis of more than 1 million pieces of malware collected in 2024, the fifth annual report reveals that 25% of malware targets credentials in password stores — a 3X increase from 2023. For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework. The report reveals that these top 10 techniques accounted for 93% of all malicious actions in 2024.
“Threat actors are leveraging sophisticated extraction methods, including memory scraping, registry harvesting and compromising local and cloud-based password stores, to obtain credentials that give attackers the keys to the kingdom,” said Picus Security co-founder and VP of Picus Labs, Dr. Suleyman Ozarslan. “It’s vital that password managers are used in tandem with multi-factor authentication, and that employees never reuse a password, especially for their password manager.”
Picus observed that attackers are prioritizing complex, prolonged, multi-stage attacks that require a new generation of malware to succeed. Picus Labs researchers coined the term “SneakThief” to represent the evolution of info-stealing malware, which involves increased stealth, persistence and automation. They liken the increasingly sophisticated approach to “the perfect heist,” noting that most malware samples now contain more than a dozen malicious actions designed to help attackers evade defenses, increase permissions and exfiltrate data.
“Focusing on the top 10 MITRE ATT&CK techniques is the most viable way to stop the kill chain of sophisticated malware strains as early as possible,” said Volkan Ertürk, CTO and co-founder of Picus. “SneakThief malware is not an exception; enterprise security teams can stop ninety percent of malware by focusing on just 10 of MITRE’s entire library of techniques.”
Additional key findings from the report include:
- Malware samples now contain an average of 14 malicious actions. This means each individual piece of malware is more complex and can perform more actions in the cyber kill chain.
- Exfiltration and stealth tactics made up 11.3 million actions in 2024. Adversaries are shifting to covert exfiltration methods — “whispering channels” like encrypted communications (HTTPS, DoH) — and living-off-the-land techniques to blend malicious activity into legitimate traffic. It is more common than ever to see tactics like process injection and application layer protocols used as key enablers, allowing attackers to persist in environments and exfiltrate data without triggering an alert.
- No evidence that cybercriminals are using AI-driven malware. Despite the widespread hype surrounding AI and its potential applications in cybersecurity, Picus’s analysis revealed no significant increase in the use of AI-driven malware techniques in 2024.
Methodology
Picus Labs processed 1,094,744 pieces of malware collected between January and December 2024. From the identified malicious files, 14,010,853 malicious actions were detected, averaging approximately 14 actions per malware sample. These malicious actions were systematically mapped to the MITRE ATT&CK framework. The Picus Red Report offers a more in-depth description of the research methodology.
To learn more, download the Picus Red Report 2025 and register to explore the report results with the Picus Research team during a live webinar on Thursday, February 27, 2025, at 1:00 p.m. EST.
Resources
- Download the Picus Red Report™ 2025
- Read the Picus Red Report Blog
About Picus Security
Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort.
The pioneer of Breach and Attack Simulation, Picus delivers award-winning, threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 95% recommendation in Gartner® Peer Insights™ Customers’ Choice for 2024 in the BAS tools category.*
Contact Info:
Jennifer Tanner
Look Left Marketing
picus@lookleftmarketing.com
Photos accompanying this announcement are available at:
https://www.globenewswire.com/NewsRoom/AttachmentNg/73c8bf25-cd5e-41a8-8b6d-4561fe99df09
https://www.globenewswire.com/NewsRoom/AttachmentNg/009eaa50-d2e3-4bee-aadb-f2140af1864c