Cyber threat detections hit record breaking 146 billion in 2022
There has been a massive 55% global increase in overall threat detections in 2022 and a 242% surge in blocked malicious files, as threat actors indiscriminately targeted consumers and organisations across all sectors, according to a new report from Trend Micro.
"The unrivalled breadth of Trend Micro threat intelligence* reveals 2022 as a year when threat actors went 'all-in' to boost profits," says Mick McCluney, Technical Director, ANZ at Trend Micro:
"A surge in backdoor detections is particularly concerning in showing us their success in making landfall inside networks. To manage risk effectively across a rapidly expanding attack surface, stretched security teams need a more streamlined, platform-based approach."
The roundup report reveals several interesting trends for 2022 and beyond:
The top three MITRE ATT&CK techniques show us that threat actors are gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilise valid accounts.
A 116% increase in backdoor malware detections in Australia from 2021 reveals threat actors trying to maintain their presence inside networks for a future attack. These backdoors primarily targeted web server platform vulnerabilities. Australia had the fifth-highest malware detections of all the countries surveyed in the report.
A record number of Zero Day Initiative (ZDI) advisories (1,706) for the third year in a row is the result of a rapidly expanding corporate attack surface and researcher investment in automated analysis tools, which are finding more bugs. The number of critical vulnerabilities doubled in 2022. Two out of the top three CVEs reported in 2022 were related to Log4j.
The ZDI observed an increase in failed patches and confusing advisories, adding extra time and money to corporate remediation efforts and exposing organisations to unnecessary cyber risk.
Webshells were the global top-detected malware of the year, surging 103% on 2021 figures. Emotet detections were second after undergoing something of a resurgence. LockBit and BlackCat were the top ransomware families of 2022.
Ransomware groups rebranded and diversified in a bid to address declining profits. In the future, we expect these groups to move into adjacent areas that monetise initial access, such as stock fraud, business email compromise (BEC), money laundering, and cryptocurrency theft. Of all the countries surveyed, Australia had the second highest percentage of BEC attacks (16.3%) blocked by Trend Micro.
Trend Micro recommends that organisations adopt a platform-based approach to managing the cyber-attack surface, mitigate security skills shortages and coverage gaps, and minimise the costs associated with point solutions.
This should cover the following:
Asset management. Examine assets and determine their criticality, any potential vulnerabilities, the level of threat activity, and how much threat intelligence is being gathered from the asset.
Ensure that cloud infrastructure is configured with security in mind to prevent attackers from capitalising on known gaps and vulnerabilities. Proper security protocols. Prioritise updating software as soon as possible to minimise the exploitation of vulnerabilities. Options such as virtual patching can help organisations until vendors provide official security updates.
Attack surface visibility.
Monitor disparate technologies and networks within the organisation, as well as any security system that protects them. It may be difficult to correlate different data points from siloed sources.