Deep Instinct unveiled findings from its bi-annual Threat Landscape Report.
The Deep Instinct Threat Research team extensively monitored attack
volumes and types and then extrapolated their findings to predict where
the future of cybersecurity is heading, determine what motivates
attackers, and, most importantly, lay out the steps organizations can
take now in order to protect themselves in the future. One of the most
pronounced takeaways from this research on 2021 threat trends is that
bad actors are becoming more successful at evading AI/ML technologies,
prompting organizations to redouble efforts in the innovation race.
Specific attack vectors have grown substantially, including a 170% rise
in the use of Office droppers along with a 125% uptick in all threat
types combined. The volume of all malware types is substantially higher
than before the pandemic. In addition, threat actors have made a
discernible shift
away from older programming languages, such as C and C++, in favor of
newer languages, such as Python and Go. Not only are these newer
languages easier to learn and to program in than their predecessors, but
they also have been less commonly used and are therefore less likely to
be detected by cybersecurity tools or analyzed by security researchers.
"Recent major events, such as Log4j and Microsoft Exchange server attacks, have
placed a heightened priority on security, but these threats have long
deserved the attention they're just now getting on a global level," said
Guy Caspi, CEO of Deep Instinct. "The results of this research shed
light on the wide-ranging security challenges that organizations face on
a daily basis. Deep Instinct was founded to bring a new approach based
on deep learning to cybersecurity. We're on a mission to provide relief
to cyber defenders facing advanced threats that continue to spike in
volume and sophistication."
Additional report findings include the following key takeaways:
- Supply chain attacks: Large service offering companies became targets
of significant supply chain
attacks this past year with threat actors looking to not only gain
access to their environments, but also target the environments of their
customers by proxy. The most notable supply chain attack, Kaseya,
compromised more than 1,500 companies through one unpatched zero-day
vulnerability.
- The shift to high-impact and high-profile attacks vs. stealth and long dwell-time attacks: In 2021,
Deep Instinct saw a transition to high-profile attacks with a
massive impact. The most significant incident in 2021 was the Colonial
Pipeline breach, which halted operations for six days, caused major
disruptions across the U.S., and demonstrated the significant and
cascading impact of a well-executed malware attack.
- Public and Private Sector collaborations become more common: As Deep
Instinct had predicted, there was greater partnership amongst
international task forces this past year to identify and bring to
justice key threat actors around the world. In early 2021, an
international taskforce coordinated by Europol and Eurojust seized
Emotet infrastructure and arrested some of its operators. Other
high-profile threat actors such as Glupteba became the target of private
companies that joined forces to interrupt their activity as much as
possible.
- The immediate impact of zero-day: In 2021, major vulnerabilities were
exploited and used within a single day of their disclosure. One of the
examples was the
HAFNIUM Group, which surfaced shortly after Microsoft revealed multiple
zero-day vulnerabilities.
- Cloud as a gateway for attackers: The transition to remote work has
prompted many organizations to enable
most of their services in the cloud rather than on premises. For those
that are not experienced working with cloud services, there is the risk
that misconfigurations or vulnerable, out-of-date components with
external API access could be exploited.
While the rise in the highest-profile threat, ransomware, has not
continued at the exponential rates initially seen during the
outbreak of COVID-19 in spring 2020, Deep Instinct has still recorded
double-digit (15.8 percent) growth of these threats in 2021. Last year
proved to both CISOs and cyberattackers that work-from-anywhere and
hybrid models would likely become a permanent fixture. CISOs will need
to carefully review, monitor, and update security considerations to
ensure full coverage and protection.
A ransomware attack can affect any organization, regardless of size,
industry, or location. As more and more security vendors use machine
learning (ML) and artificial intelligence (AI) in their products and
take actions to improve their existing defense mechanisms, bad actors
will also continue to hone and improve efforts to evade and fool both
traditional and AI-based defenses. Defense evasion and privilege
escalation are becoming more prevalent and we expect to see a
continuation of EPP/EDR evasion techniques in 2022. Bad actors are
clearly investing in anti-AI and adversarial attack techniques and
integrating these methods into their larger evasion strategy.
To learn more about the process behind Deep Instinct's 2022 Threat
Landscape Report and dive deeper into all the findings and key
takeaways, including the top five malware and ransomware families,
please visit https://www.deepinstinct.com/resources.