2022 Cyber Threat Report Details Growing Trends
The cyber threat landscape is constantly evolving, with new attacks developing every day. In its new report, SonicWall explores some of the most dangerous trends security professionals need to have on their radar.
SEE: How to Develop Skills in Cyber Threat Intelligence Capabilities (TechRepublic)
Ever-changing global malware activity
SonicWall Capture Labs threat researchers recorded 2.8 billion malware attacks in the first half of 2022. With the exception of June, global malware detection was higher in 2022 than in 2021 (Figure A).
The malware categories that grew the most were cryptojacking malware (30% increase) and IoT-related malware (77% increase).
Some changes in regional data were also reported. Attacks against North America increased by 2%, which is well below the global average. Yet Europe saw a 29% increase in cyberattacks and attacks in Asia increased by 32%.
Regarding the American states affected, Florida remains the most affected state, followed by California and New York (Figure B).
Another indicator to consider is the percentage of malware spread, which takes into account not only the volume of malware detected, but also the number of sensors detecting this activity for a region.
When calculated, the spread of malware indicates that South Dakota is the riskiest area for business, followed by Kansas and Hawaii (Figure C). Texas, on the other hand, is the safest state. Although it detected 99.3 million pieces of malware, it only represents 15.5% of organizations that see attempted malware attacks.
Looking at the various industries impacted by malware, education is the most targeted with a 21.4% increase per month, followed by government at 19.3%. Financial institutions were less targeted with only 15.2% of financial organizations affected by malware.
On the other hand, SonicWall, although it does not have enough sensors in Ukraine to meet statistical relevance, has been interested in verifying malware attacks in this country and has seen an extraordinary increase in malware from from March 2022 (Figure D).
The ransomware situation
Ransomware attacks decreased by 23%, with 236.1 million ransomware attempts reported in the first half of 2022 (Figure E). The three most used ransomware families are Cerber, Ryuk and Gandcrab. The latter was shut down in 2019, but since it was provided as a service, these numbers likely reflect older campaigns.
After two years of increases, the global number of ransomware detections began to steadily decline from the third quarter of 2021. Although this is good news, the number seen in the first half of 2022 is still higher than the annual totals for each of the months 2017, 2018 and 2019, according to the researchers.
The United States remains the most impacted country in 2022 (Figure F).
European countries appear more and more in the top 11, with seven countries compared to only five in 2021.
Several factors may explain the decline in ransomware attacks. According to the researchers, increased hardening of organizations, continued volatility in cryptocurrency prices, tighter regulations from cybersecurity insurers could all be factors.
Still, the NSA says the most important factor is probably the political conflicts and the fact that the Russians are focusing more on Ukraine-related activities. These cybercriminals are also finding it more difficult to use credit cards and other means of purchasing infrastructure in Western countries and are suffering from increasing difficulties in moving money.
IoT malware is increasing
IoT malware has increased by 77% since the start of the year, even surpassing no less than 12 million detections between January and June 2022 (G-figure).
North America recorded more than 5 million detections for the first time in January 2022, reaching 6.7 million. In June, it even reached 8.1 million. Detections in Asia increased by 74%, reaching 2 million in January, while in Europe they were down by 19%.
When it comes to targeted industries, every industry has shown triple-digit increases in attack volume. Finance grew by 151%, healthcare by 123%, retail by 122%, government by 114% and education by 110%.
Global cryptojacking reached 66.7 million visits in the first half of 2022, representing a 30% increase from the first half of 2021. The three most targeted industries – government, healthcare and education – fell by 78%, 87% and 96% respectively, while retail is up 63% year-to-date and finance is up 269%.
Although cryptocurrency is unstable and Bitcoin has fallen a lot since 2021, it’s still easier for cybercriminals to dig harder than to find a new way to make money, which explains the increase in cyber attacks. cryptojacking.
According to the researchers, some ransomware operators are also changing their activity to cryptojacking. Although it makes less money than ransomware, it is much quieter in terms of detection, and some cryptojacking victims are never aware of it, reducing the risks that attract some cybercriminals.
Malicious PDFs and Microsoft Office files are on the rise, with Excel still being the most exploited Microsoft Office application. Attackers mainly abuse XLM (Excel Macro 4.0) macro code, whereas before they exploited Visual Basic Analysis macros. More recently, attackers have started using a combination of XML and VBA to perform malicious activities.
Exploitation of the Log4j vulnerability is still high, averaging 2.8 million exploit attempts per day.
Encrypted attacks, meaning attacks using encrypted communications, saw a 132% increase from January to July 2022, primarily targeting government, finance, and education.
Intrusion attempts increased by 18% in the first half of 2022, while malicious intrusions (i.e. medium to high severity attempts) fell by 19% for the same period in 2021.
Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.