2024 Malicious Infrastructure Insights: Key Trends and Threats
March 5, 2025, 7:07 p.m.
Description
The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's dominance in command-and-control servers, AsyncRAT and Quasar RAT remaining top remote access tools, and Android being the primary target for mobile malware. The US and China were the top malicious hosting locations, while traffic distribution systems enhanced cybercrime efficiency. Chinese state-sponsored groups expanded their use of relay networks, and Russian groups increasingly relied on legitimate services to evade detection. The report suggests defenders should prioritize top malware and infrastructure techniques, enhance network monitoring, and balance blocking high-risk services based on criticality and risk level.
Tags
Date
- Created: Feb. 28, 2025, 6:30 p.m.
- Published: Feb. 28, 2025, 6:30 p.m.
- Modified: March 5, 2025, 7:07 p.m.
Attack Patterns
- SolarMarker RAT
- Mozi Botnet
- Hook
- Latrodectus
- Kaba
- Sogu
- DestroyRAT
- TVT
- Thoper
- PlugX - S0013
- Brute Ratel C4
- Korplug
- GobRAT
- DcRAT
- QuasarRAT
- LummaC2
- Cobalt Strike - S0154
- AsyncRAT
- T1585
- T1568
- T1037
- T1583
- T1199
- T1573
- T1547
- T1071
- T1102
- T1036
- T1204
- T1132
- T1027
- T1553
- T1584
- T1190
- T1133
- T1090
- T1078
- T1059
Additional Information
- Angola
- British Indian Ocean Territory
- India
- Australia
- China
- France
- Brazil
- United States of America