The annual Trend Micro Roundup Report warns of an exponentially growing attack surface: The security specialist identified 146 billion cyber threats in 2022. An increase of over 55 percent compared to the previous year.
Trend Micro releases its security report for the past year 2022. It shows that the total number of detected threats increased by 2022 percent in 55 compared to the previous year. The number of malicious files blocked grew by 242 percent as threat actors targeted consumers and businesses across all industries.
Developments from 2022 to 2023
For 2022 and beyond, the Rethinking Tactics: 2022 Annual Cybersecurity Report points to some interesting developments:
- The three most important MITER ATT&CK techniques show that threat actors initially gain access via remote services. Finally, they extend the infiltration of the IT environment through credential dumping (stealing access data) to gain access via valid accounts.
- Backdoor malware detection has increased by 86 percent. Threat actors try to maintain their access to networks for future attacks. Most backdoors targeted vulnerabilities in web server platforms.
- For the third time in a row the Zero Day Initiative (ZDI) published a record 1.706 vulnerability alerts. This is the result of a rapidly expanding attack surface for businesses and vulnerability researchers' use of automated analysis tools that find increasing numbers of bugs. The number of critical vulnerabilities has doubled in the past year. Two of the top three CVEs (Common Vulnerabilities and Exposures) reported in 2022 were related to Log4j.
- The ZDI also observed that inadequate patches and confusing advisories gain weight. This costs companies additional time and money to fix the errors and exposes them to unnecessary cyber risk.
- Webshells were 2022 the most frequently detected malware and increased by 2021 percent compared to 103 numbers. Emotet detections came in second after coming back into focus. LockBit and BlackCat were the leading ransomware families in 2022.
- Um counteract falling profits, ransomware groups are reorganizing and looking for new business opportunities. In the future, we expect these groups to move into closely related businesses that allow them to monetize their access to corporate networks. These include, for example, stock fraud, business email compromise (BEC), money laundering and theft of cryptocurrencies.
Protection with platform-based security approach
🔎 The top 5 most affected industries compared 2022 to 2021 (Image: Trend Micro).
Trend Micro recommends companies take a platform-based approach to security. This allows them to manage the cyber attack surface, address skill shortages, reduce security vulnerabilities, and minimize the cost of point solutions. This approach should include the following components.
asset management
Allows organizations to have an overview of their assets and their relevance, potential vulnerabilities, the level of threat activity, and the amount of threat intelligence they are gathering about the assets.
Cloud security
Ensures cloud infrastructure is securely configured so attackers cannot exploit known gaps and vulnerabilities.
Proper security protocols
Timely software updates prevent the exploitation of security gaps. Until the manufacturers provide official security updates, solutions such as virtual patching will support it.
Transparency across the entire attack surface
Technologies and networks within an organization and all security systems that protect them should be monitored in a unified manner. However, it is difficult to link different data points from isolated sources.
Cyber attackers want to increase their profits
"The wide range of Threat Intelligence from Trend Micro* shows once again that 2022 was a year in which threat actors did everything they could to increase their profits,” said Richard Werner, Business Consultant at Trend Micro. “Of particular concern is that backdoor detections are on the rise. This proves that cyber criminals are successfully breaking into more and more networks. Security teams need a modern, platform-based approach to ensure comprehensive risk management as the attack surface continues to expand.”
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.