Red Canary: 72 Percent of Companies Fell Victim to Command and Scripting Interpreter Attacks

Red Canary released its “2021 Threat Detection Report.” The report analyzed approximately 20,000 confirmed threats detected across customer environments. Red Canary used the MITRE ATT&CK framework to give a “bird’s eye view” of malicious behavior and to help readers address those threats.

Top MITRE ATT&CK techniques observed included T1059 Command and Scripting Interpreter (24 percent), T1218 Signed Binary Process Execution (19 percent) and T1543 Create and Modify System Process and T1053 Scheduled Task / Job (16 percent each).

Of note, the Command and Scripting Interpreter alone encompassed 4,798 threats, affecting 72.2 percent of organizations surveyed, while Signed Binary Process Execution hit 49.3 percent, with 3,755 confirmed threats.

Red Canary also noted that no ransomware family made its top 20, even though ransomware precursors like Qbot, Emotet and Trickbot were present, indicating that “we, our customers and the community are having some success at responding before these threats fully materialize.” The ransomware instances that were logged came through Red Canary’s incident response partners.

Red Canary logged 400 billion pieces of telemetry, which yielded 14 million investigative leads and 20,000 confirmed threats.