The threat report highlights significant changes in ransomware gangs and malware campaigns. Deep Instinct's Cyber Threat Report hints at unknown tactics and new victims in 2022.
Deep Instinct has released its 2022 semi-annual Cyber Threat Report. The latest edition focuses on the top malware and ransomware trends and tactics from the first half of 2022, providing key insights and forecasts for the constantly and rapidly evolving cybersecurity threat landscape.
The main findings of the report
Changes in the structure of cybercriminals
Among the most notable developments are shifts among ransomware gangs, including LockBit, Hive, BlackCat and Conti. The latter has produced the "Conti splinters": Quantum, BlackBasta and BlackByte. These three well-known former sub-groups of the Conti Group went into business for themselves after Conti shut down.
Malware campaigns in transition
The report highlights the reasons behind significant changes in the Emotet, Agent Tesla, NanoCore and other campaigns. Emotet, for example, now uses heavily obfuscated VBA macros to evade detection.
As Microsoft closes a door, malicious actors open a window
Deep Instinct experts found that since Microsoft began disabling macros in Microsoft Office files by default, Office documents are no longer the primary delivery vector for malware. Instead, attackers are now observed delivering their malware through other attachment types, such as LNK shortcuts, HTML files, and archives.
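The following Python function is an added example, not code from the report or from Deep Instinct; it tags an incoming attachment by the delivery formats named above (a raw .lnk shortcut, an HTML file carrying script, or an archive that wraps a shortcut or another archive). The LNK signature is the standard Shell Link header (MS-SHLLINK); the zip sample is constructed here.

```python
import io
import zipfile

# Windows Shell Link (.lnk) files begin with HeaderSize 0x0000004C followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")
ZIP_MAGIC = b"PK\x03\x04"
HTML_HINTS = (b"<html", b"<!doctype html", b"<script")
PEEK = 64  # bytes read per archive member; never expands a large or bomb entry


def classify_attachment(name: str, data: bytes) -> set[str]:
    """Tag one e-mail attachment by the delivery formats in the report:
    'lnk', 'html', 'html-script', 'archive', 'archive-lnk', 'archive-nested',
    'archive-unreadable'. An empty set means none of them were observed."""
    tags: set[str] = set()
    if data.startswith(LNK_MAGIC):
        tags.add("lnk")
    head = data[:512].lower()
    if name.lower().endswith((".htm", ".html")) or any(h in head for h in HTML_HINTS):
        tags.add("html")
        if b"<script" in data.lower():
            tags.add("html-script")  # HTML smuggling needs script to rebuild its payload
    if data.startswith(ZIP_MAGIC):
        tags.add("archive")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        inner = member.read(PEEK)
                    if inner.startswith(LNK_MAGIC) or info.filename.lower().endswith(".lnk"):
                        tags.add("archive-lnk")
                    if inner.startswith(ZIP_MAGIC):
                        tags.add("archive-nested")
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            # corrupt, password-protected or unsupported compression: cannot be
            # inspected automatically, which is itself worth flagging
            tags.add("archive-unreadable")
    return tags


def build_sample_zip() -> bytes:
    """Constructed sample: a zip whose only member is a shortcut named like a PDF."""
    fake_lnk = LNK_MAGIC + b"\x00" * 60  # header signature only, not a working shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2022.pdf.lnk", fake_lnk)
    return buf.getvalue()
```

Calling `classify_attachment("Invoice.zip", build_sample_zip())` returns the tags `archive` and `archive-lnk`; a mail gateway would route such attachments to sandboxing or quarantine rather than relying on macro blocking alone.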
Major vulnerabilities that are easily exploited
Vulnerabilities like SpoolFool, Follina, and DirtyPipe illustrate that Windows and Linux systems remain exploitable despite efforts to improve their security. An analysis of the Known Exploited Vulnerabilities catalog published by CISA (the US Cybersecurity & Infrastructure Security Agency) shows that the number of exploited vulnerabilities spikes every three to four months, and we expect the next spike towards the end of the year.
Data exfiltration attacks now extend to third parties
Hacker groups use data exfiltration in their attacks to demand ransom for the stolen data. When sensitive data has been exfiltrated, the victim has fewer options for recovery, so many attackers go a step further and also demand ransoms from third-party companies whose sensitive information is among the stolen data.
It is no surprise that ransomware attacks continue to pose a serious threat to businesses, considering that cybercriminals currently operate 17 leaked databases. These are used for attacks on third-party companies, in particular for social engineering, credential theft and triple extortion (described above).
The report also includes three specific forecasts:
Insiders and Affiliate Programs
Malicious threat actors are always looking for the weakest link in the network. With cybersecurity innovations on the rise, some attackers choose either to find weak targets directly or simply to pay an insider. Groups like Lapsus$, for example, rely less on exploiting vulnerabilities than on insiders who are willing to sell access to certain data within their organization.
Protestware is on the rise
The protestware phenomenon is growing not only in popularity but also in actual use. Protestware is the sabotage of one's own software: the maintainer turns it into an indirect cyber weapon by adding malicious code that harms all or some of its users. The war between Russia and Ukraine has led to a surge in protestware, the most notorious example being the wiper inserted into node-ipc, a popular npm package. Such supply chain attacks are not easy to detect, and they are typically not discovered until multiple victims are affected.
End-of-the-year attacks
While we have not heard of a major vulnerability in 2022 comparable to the Log4j or Exchange cases in 2021, the number of publicly assigned Common Vulnerabilities and Exposures (CVEs) for reported vulnerabilities has increased compared to the previous year. Cyber attackers are still exploiting legacy vulnerabilities in 2022 simply because there is an abundance of systems left unpatched against 2021 CVEs.
More at DeepInstinct.com
About Deep Instinct
Deep Instinct takes a preemptive approach to stopping ransomware and other malware with the world's first and only purpose-built deep learning framework for cybersecurity.