In its report "2023 State of Malware", security vendor Malwarebytes compiles the developments of the year 2022: geopolitical cybercrime, ransomware and new authentication technologies in response to many threats.
71 percent of companies worldwide were affected by ransomware in 2022. By the end of November, over 22,500 new vulnerabilities and security gaps had been added to the global CVE (Common Vulnerabilities and Exposures) database, ten percent more than in the previous year. The past year was marked by numerous different cyber attacks. This is the conclusion reached by the threat intelligence analysts at Malwarebytes in their report "2023 State of Malware", which summarizes the most important developments of the past year.
Ukraine – the first cyber war?
Speculation as to whether Russia's invasion of Ukraine would lead to the first ever cyber war, using malicious software to cause physical damage and destruction, proved unfounded. Although there were destructive attacks using wiper malware, cyberspace was largely reserved for information gathering and espionage.
Its strategic importance made the Ukraine conflict a useful social engineering bait. Malwarebytes' threat intelligence team found that the war was used as a theme in attacks on German targets by suspected Russian state actors, as well as attacks on Russian targets by suspected Chinese state actors.
Ransomware – still on the rise
An unexpected consequence of the war in Ukraine was the dissolution of Conti. When the ransomware group publicly declared its support for the Russian invasion, it inadvertently made ransom payments a potential violation of sanctions against Russia. As a result, Conti's victims stopped paying and the group was forced to disband. Ultimately, however, the demise of Conti meant little for the ransomware ecosystem as a whole. Other cybercriminals quickly took Conti's place, and LockBit proved to be by far the most active ransomware group in 2022. According to Malwarebytes, it was responsible for almost a third of all known RaaS attacks in the last year.
Ransomware remains the number one cybercriminal threat to businesses. However, in 2022 there were signs that the criminals behind ransomware might need to adjust their tactics. Data leakage is increasingly displacing data encryption as the primary form of extortion, probably in response to effective endpoint security software or effective backup and recovery strategies on the part of organizations.
When employees open the back door
Additionally, buying access to companies via disgruntled employees is a tactic that ransomware groups could use with more success in 2023. In March 2022, for example, the LAPSUS$ group made headlines with this approach. It published a message on its Telegram channel looking for employees of tech companies who were willing to grant remote access to the company, for example via VPN, RDP or Citrix.
Finally: macros have been disabled
Microsoft announced in 2022 that it would block macros in Office documents downloaded from the internet. In doing so, the company slowed down one of the most prolific malware distribution systems ever invented. Cyber criminals have already started exploring alternative techniques. However, since there is no obvious substitute for malicious macros, this could be a period in which threat actors experiment more. For threat hunters, it is therefore important to stay vigilant in order to recognize possible new approaches.
Authentication - steps to better security
Passwords have long been the Achilles heel of cybersecurity. Compromised passwords, for example via phishing or brute force attacks, are often the gateway to corporate networks and thus make further cybercriminal activities such as ransomware possible in the first place. However, a viable alternative to passwords was not in sight for a long time.
In May 2022, the big tech players Google, Apple and Microsoft pledged their support for FIDO2, a globally recognized standard for passwordless authentication. There have been various substitutes for passwords in the past, but they never caught on, for example because they were too expensive or too difficult to implement. FIDO2 was developed to overcome exactly these problems. It currently looks like FIDO2 could become an important authentication method in 2023.
More at Malwarebytes.com
About Malwarebytes: Malwarebytes protects home users and businesses from dangerous threats, ransomware and exploits that go undetected by antivirus programs. Malwarebytes completely replaces other antivirus solutions in order to avert modern cybersecurity threats for private users and companies. More than 60,000 companies and millions of users trust Malwarebytes' innovative machine learning solutions and its security researchers to avert emerging threats and eliminate malware that antiquated security solutions fail to detect. You can find more information at www.malwarebytes.com.