The report found that in 2022 alone, cyber threat detections reached a record 146 billion, with the number of threat detections and the number of malicious files blocked increasing by 55% and 242%, respectively.
“The broad results collected by Trend Micro Threat Intelligence show that threat actors have done everything possible to monetize in 2022,” said John Clay, vice president of Threat Intelligence at Trend Micro. network, already overstretched security teams must adopt a streamlined, platform-based approach to effectively manage risk across rapidly expanding attack surfaces.
According to the threat report, the three main techniques of MITER ATT&CK allow threat actors to gain initial access through a remote service and then use a credential dump method to take advantage of the threat. a valid account to attack in the cyber environment. the radius widens.
Backdoor malware detections increased by 86%, indicating the propensity for threat actors to sneak into networks for future attacks. The results were mostly found in web server platform vulnerabilities.
The number of Zero-Day Initiative (ZDI) consultations in 2022 was 1,706, a record for three consecutive years. Indeed, more and more bugs are being caught as companies increase their investments in automated analysis tools as their attack surface expands rapidly. In 2022, the number of “critical” vulnerabilities doubled compared to previous years, and two of the top three reported CVEs were related to rogue4j. ZDI said it confirmed that the increase in patch failures and unclear recommendations is costing companies additional time and money to recover, exposing themselves to unnecessary cyber risk.
The number of web server malware, Webshell, jumped 103% from 2021, making it the most detected malware this year. The re-release Emotet followed, followed by “LockBit” and “BlackCat” in the ransomware category. Ransomware groups have started changing their names or diversifying their behavior to cope with falling returns. According to Trend Micro, future ransomware families will move into areas that monetize initial access, including stock market fraud, business email compromise (BEC), money laundering, and cryptocurrency theft.
Trend Micro recommends taking a platform-based approach to managing the surface of cyberattacks, compensating for insufficient security capabilities and security coverage, while minimizing the cost of managing individual solutions. The report also provided recommendations such as asset management, cloud security, creating appropriate security protocols, and visibility into the attack surface.
editor@itworld.co.kr
