Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, released its 2022 Bi-Annual Cyber Threat Report earlier this month.
The newest edition of the report focuses on the top malware and ransomware trends and tactics from the first half of 2022 and provides key takeaways and predictions for the ever-evolving cybersecurity threat landscape.
“2022 has been another record year for cyber criminals and ransomware gangs. It’s no secret that these threat actors are constantly upping their game with new and improved tactics designed to evade traditional cyber defences,” said Mark Vaitzman, Threat Lab Team Leader at Deep Instinct.
“The goal of this report is to outline the wide range of challenges that organizations and their security teams face daily. Defenders must continue to be vigilant and find new approaches to prevent these attacks from happening.”
Here are the 5 biggest changes to the cybersecurity threat landscape that we saw this year.
Changes in threat actor structure
Among the most prevalent activities observed are changes within the world of ransomware gangs such as LockBit, Hive, BlackCat, and Conti. The latter has spawned “Conti Splinters” made up of Quantum, BlackBasta, and BlackByte. These three prominent former affiliates of the Conti operation began running their own operations following the decline of Conti.
Malware campaigns in flux
The report highlights the reasons behind significant changes to Emotet, Agent Tesla, NanoCore, and others. For example, Emotet uses highly obfuscated VBA macros to avoid detection.
As Microsoft shuts down one avenue, bad actors open others
Deep Instinct’s researchers found that the use of documents to deliver malware, previously the number one attack vector, has decreased following Microsoft’s move to disable macros by default in Microsoft Office files. Threat actors have already been seen shifting gears and adopting other methods to deploy their malware, such as LNK, HTML, and archive email attachments.
Major exploitable vulnerabilities
Vulnerabilities such as SpoolFool, Follina, and DirtyPipe highlighted the exploitability of both Windows and Linux systems despite efforts to enhance their security. Analysis of CISA’s published Known Exploited Vulnerabilities catalog suggests that the number of vulnerabilities exploited in the wild spikes every 3-4 months, and we’re expecting the next spike as we get closer to the end of the year.
Data exfiltration attacks are now extending to third parties
Threat actor groups are using data exfiltration within their attack flows in order to demand ransom for the leaked data. In the case of sensitive data exfiltration, there are fewer remediation options, so many threat actors are going even further and demanding ransoms from third-party companies if the leaked data contains their sensitive information.