As malicious software, just like its benign counterpart, shifts from being a product towards being a service, customer support becomes a major factor in its overall success.
Yes, you've read that right – hackers nowadays choose their tools based on the customer experience and the support they get from the service's authors.
This is one of the takeaways from Cofense Intelligence's latest report, the Q3 2019 Malware Trends.
In the report, Cofense claims that in Q3, compared to Q2, hackers moved away from predominantly information-stealing bots, such as Loki Bot, towards keyloggers like Agent Tesla.
The main reason, the report's authors claim, is the ease of use and the support hackers get from Agent Tesla's authors. The keylogger is easily used through a consumer web interface, while the tool's authors are available on Discord for any and all questions.
Another important takeaway from the report is that the United States remains the most popular country in which to locate command & control servers for ransomware and malware. This is despite the fact that ransomware is generally on the decline, with many of the most popular families being discontinued. More than a third (35 per cent) of all C&C servers were located in the States for the quarter, less than a percentage point lower than in the quarter before.
The US is followed by Russia, Germany, the Netherlands and Great Britain, which together account for roughly a quarter.
“Cofense Intelligence expects to see an uptick in malware activity—largely driven by the resurgence of Emotet up until the holiday lull,” the report concludes.
“Threat actors will continue to abuse legitimate business operational software (like Microsoft Office products) while also taking advantage of unpatched and legacy operating systems. However, to ensure their success in phishing campaigns, threat actors will almost certainly progress their Tactics, Techniques, and Procedures (TTPs). New phishing templates, malware variants, and delivery mechanisms will find their way to organizations and individuals. As threat actor TTPs continue to evolve, innovation for security solutions will need to grow in the same way.”