By Nathaniel Raymond
Agent Tesla has become a massively popular choice of malware for threat actors since its first appearance in 2014, and for good reasons. This vetted Malware-as-a-Service (MaaS) owes its popularity to many attractive factors that Cofense has broken down in a previous Strategic Analysis, which include being an affordable malware service option, easy to use, having multiple capabilities at and during infection time, and being versatile in its exfiltration options. These features, coupled with Agent Tesla’s relatively long life, have led this malware family to become the most widespread malware distributed in email campaigns seen by Cofense. This Strategic Analysis aims to analyze the five-year historical trend in email campaigns delivering Agent Tesla to better understand Agent Tesla’s recent past trends and get a glimpse of potential future trends. A quick overview of the trend analysis suggests that Agent Tesla email campaigns continue to rise yearly, with Q3 and Q4 being notably higher in email volume.
Key Points
- Agent Tesla is a popular MaaS that entices threat actors of varying skill levels through attractive features such as being an affordable malware service with multiple capabilities to exfiltrate and steal users’ data.
- Agent Tesla has a long history, dating back to its discovery in 2014. Since then, it has only become more popular each year, with most campaigns in Q3 and Q4 of each year.
- Agent Tesla had a huge surge during the peak of the COVID-19 pandemic, likely due to lockdowns and work-from-home mandates. The trend analysis suggests that Agent Tesla has only grown in popularity since.
Recap: What Is Agent Tesla?
By now, Agent Tesla needs no introduction. Nonetheless, a quick overview of Agent Tesla is that it is an affordable MaaS, written using the .NET framework, with multiple capabilities during and after the initial infection. Agent Tesla can be considered a bit of a Swiss army knife. It can play multiple roles as a keylogger and an information stealer and uses some RAT-like monitoring functionalities. Agent Tesla can also download other malicious packages after infection. These features, coupled with the malware’s ability to use many exfiltration methods such as FTP, SMTP, web panels, and even Telegram bots, make this malware an incredibly popular choice among threat actors of varying skill levels.
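As an added illustration (not code from the original post or from Cofense), the following Python checks constructed endpoint network-connection records against the four exfiltration channels named above. The process allowlists and the Telegram bot API path pattern are assumptions a detection team would tune to its own environment.

```python
import re

# Constructed sample of endpoint network-connection records (not real telemetry):
# (process name, destination host, destination port, HTTP method or "", URL path or "")
SAMPLE_LOGS = [
    ("outlook.exe", "smtp.office365.com", 587, "", ""),                 # legitimate mail client
    ("invoice_viewer.exe", "mail.example-freehost.net", 587, "", ""),   # SMTP from an odd process
    ("invoice_viewer.exe", "ftp.example-freehost.net", 21, "", ""),     # FTP from an odd process
    ("chrome.exe", "api.telegram.org", 443, "GET", "/"),                # browser visiting Telegram
    ("quote_viewer.exe", "api.telegram.org", 443, "POST", "/bot123456:EXAMPLE_TOKEN/sendDocument"),
    ("quote_viewer.exe", "panel.example.invalid", 80, "POST", "/gate.php"),  # web-panel style POST
    ("firefox.exe", "www.example.com", 443, "POST", "/login"),          # ordinary browser POST
]

# Assumed allowlists: processes expected to speak SMTP, FTP and HTTP POST in this environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
FTP_CLIENTS = {"filezilla.exe", "winscp.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Telegram Bot API calls take the form /bot<token>/<method>; a document or message upload
# from a non-browser process is the pattern of interest for exfiltration via a bot.
TELEGRAM_BOT_PATH = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/(sendDocument|sendMessage|sendPhoto)")


def classify(record):
    """Return the exfiltration channel a record resembles, or None if it looks benign."""
    proc, host, port, method, path = record
    proc = proc.lower()
    if port in (25, 465, 587) and proc not in MAIL_CLIENTS:
        return "smtp-from-non-mail-client"
    if port == 21 and proc not in FTP_CLIENTS:
        return "ftp-from-non-ftp-client"
    if host == "api.telegram.org" and TELEGRAM_BOT_PATH.match(path):
        return "telegram-bot-api"
    if method == "POST" and proc not in BROWSERS:
        return "web-panel-post"
    return None


def find_suspicious(records):
    """Return (process, destination host, channel) for every record that matches a channel."""
    findings = []
    for record in records:
        channel = classify(record)
        if channel:
            findings.append((record[0], record[1], channel))
    return findings


if __name__ == "__main__":
    for proc, host, channel in find_suspicious(SAMPLE_LOGS):
        print(f"{channel:<26} {proc} -> {host}")
```

Each rule is a per-connection heuristic; in practice the hits would be correlated with the originating email and process ancestry before being treated as an Agent Tesla infection.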
Trends: Yearly
The overall trends in Figure 1 agree that Agent Tesla has increased yearly, with 2021 having the most volume. The 2021 volume increase was likely due to mandatory stay-at-home mandates declared during the peak of the COVID-19 pandemic, which made some users work from home. This was a challenge for many businesses, as employees may not have been accustomed to working at home during this time. Although Agent Tesla increased in 2021, this spike in volume was only one of many threats to increase in 2021, as the FBI (Federal Bureau of Investigation) claimed a 400% increase in cyber-attacks seen during the pandemic. We observe that 2022 and 2023 have increased relative to 2019 and 2020, with 2023 having the most volume aside from 2021. We also note that if trends continue, this year may see Agent Tesla reaching the volumes seen in 2021.
Figure 1: Agent Tesla volumes by year.
Trends: Quarterly
While Agent Tesla, or a delivery mechanism that delivers Agent Tesla, may potentially reach a user’s inbox at any time, Figure 2 suggests that Q3 and Q4 have the highest volume per year, marking them as the time Agent Tesla poses a higher likelihood, simply by volume. Unlike the other first quarters in the past five years, the first quarter of 2024 saw the most emails delivering Agent Tesla by volume. Not only has Q1 of 2024 beaten previous first quarters, but it has also overshadowed many previous quarters of their respective years. This lends credibility to the trends in Figure 1, which show that Agent Tesla volumes are projected to increase yearly.
Figure 2: Agent Tesla quarterly trends.
Reaching New Heights
Due to the detection improvements made at Cofense, we can see that not only did Q1 of 2024 have more volume than most of the previous quarters in the past five years, but it has also been attributed to increasing weekly volumes and averages. However, it is important to acknowledge that this observation in Q1 2024 does not necessarily indicate an increase in the distribution of Agent Tesla as a whole. Rather, it reflects the improvements in our detection capabilities, allowing us to identify a greater extent of the existing instances.
Figure 3: Year-over-year average increase.
Putting It All Together
With the enhanced detection capabilities made at Cofense increasing weekly averages and Q1 2024 numbers, 2024 is likely to repeat this trend again this year, thus following the increasing volume trend in Figure 1, which looks likely to meet or exceed 2021 email volumes. Q3 through Q4 of each year has the greatest potential for Agent Tesla to be delivered to a user’s inbox, simply because of the increased volumes versus Q1 or Q2, as shown in Figure 2.