Deep Instinct unveiled findings from its bi-annual Threat Landscape Report. The Deep Instinct Threat Research team monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lays out the steps organizations can take to protect themselves.
One pronounced takeaway from this research is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.
Specific attack vectors have grown substantially, including a 170 percent rise in the use of Office droppers along with a 125 percent uptick in all threat types combined. The volume of all malware types is higher versus pre-pandemic.
In addition, threat actors have made a discernable shift away from older programming languages, such as C and C++, in favor of newer languages, such as Python and Go. Not only are these newer languages easier to learn and to program versus their predecessors, but they also have been less commonly used and are therefore less likely to be detected by cybersecurity tools or analyzed by security researchers.
“Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they’re just now getting on a global level,” said Guy Caspi, CEO of Deep Instinct. “The results of this research shed light on the wide-ranging security challenges that organizations face on a daily basis. Deep Instinct was founded to bring a new approach based on deep learning to cybersecurity. We’re on a mission to provide relief to cyber defenders facing advanced threats that continue to spike in volume and sophistication.”
Additional report findings include these takeaways:
- Supply chain attacks – Large service offering companies became targets of significant supply chain attacks this past year with threat actors looking to gain access to their environments and to target the environments of their customers by proxy. The most notable supply chain attack, Kaseya, compromised more than 1,500 companies through one unpatched zero-day vulnerability.
- The shift to high-impact and high-profile attacks vs. stealth and long dwell-time attacks – In 2021, Deep Instinct saw a transition to high-profile attacks with a massive impact. The most significant incident in 2021 was the Colonial Pipeline breach, which halted operations for six days, causing major disruptions across the United States and demonstrating the significant and cascading impact of a well-executed malware attack.
- Public and private sector collaborations become more common – There was a greater partnership among international task forces this past year to identify and bring to justice key threat actors around the world. In early 2021, an international task force coordinated by Europol and Eurojust seized Emotet infrastructure and arrested some of its operators. Other high-profile threat actors such as Glupteba became the target of private companies that joined forces to interrupt their activity as much as possible.
- The immediate impact of zero-day – In 2021, major vulnerabilities were being exploited and used within a single day of disclosing the vulnerability. One example was the HAFNIUM Group, which surfaced shortly after Microsoft revealed multiple zero-day vulnerabilities.
- Cloud as a gateway for attackers – The transition to remote work prompted many organizations to enable most of their services in the cloud rather than on-premises. For those that are not experienced working with cloud services, there is the risk that misconfigurations or vulnerable, out-of-date components with external API access could be exploited.
While the increase in the highest-profile threat, ransomware, has not continued to increase at the exponential rates initially seen during the outbreak of COVID-19 in spring 2020, Deep Instinct still recorded double-digit (15.8 percent) growth of these threats in 2021. Last year proved to CISOs and cyber attackers that work-from-anywhere and hybrid models likely would become a permanent fixture. CISOs will need to review, monitor and update security considerations to ensure full coverage and protection.
A ransomware attack can affect any organization, regardless of size, industry or location. As more security vendors use machine learning (ML) and artificial intelligence (AI) in their products and take actions to improve their existing defense mechanisms, bad actors will continue to hone and improve efforts to evade and fool traditional and AI-based defenses.
Defense evasion and privilege escalation are becoming more prevalent and Deep Instinct expects to see a continuation of EPP/EDR evasion techniques in 2022. Bad actors are investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.
To learn more about the process behind Deep Instinct’s 2022 Threat Landscape Report and dive deeper into all the findings and key takeaways, including the top five malware and ransomware families, please visit https://www.deepinstinct.com/resources.
Photo: ING Studio 1985 – stock.adobe.co
