The next most prevalent malware programs observed were GOOTLOADER, a JavaScript-based downloader and dropper; WIREFIRE, a Python web shell for Ivanti Pulse Secure devices; SYSTEMBC, a proxy tunneler with a custom communication protocol that can also execute additional payloads from the C2 server; and the Akira, RansomHub, LockBit and Basta ransomware programs.
Stolen and weak credentials fuel ransomware and cloud compromises
In terms of ransomware, the most common infection vector seen by Mandiant last year was brute-force attacks (26%), such as password spraying and the use of common default credentials, followed by stolen credentials and exploits (21% each), sold access (15%) (10%).
Cloud accounts and assets were compromised through phishing (39%), stolen credentials (35%), SIM swapping (6%), and voice phishing (6%). More than two-thirds of cloud compromises resulted in data theft, and 38% were financially motivated, with data extortion, business email compromise, ransomware and cryptocurrency fraud as the leading goals.