Rethinking Tactics: Annual Cybersecurity Roundup 2022







In 2022, news of wars, economic recession and inflation, and supply chain woes disrupted the lives and livelihoods of people across the globe. Organizations, already facing a burgeoning cybersecurity skills gap and security operations center (SOC) burnout, weren’t the only ones forced to navigate economic and environmental difficulties to sustain their business needs. Cybercriminals also had to adapt and evolve to keep their illicit operations afloat despite a significant decline in revenue.

Our annual cybersecurity report sheds light on the major security concerns that surfaced and prevailed in 2022. We also discuss how cybercriminals, specifically ransomware actors, are taking their cue from legitimate organizations when it comes to diversifying their portfolios and rebranding their image, as well as the top vulnerabilities that malicious actors abused last year.

. . .

Cybercriminals take corporate route to diversify, rebrand

To combat waning ransomware revenues — a staggering 38% decrease from 2021 to 2022 — active ransomware actors have increased their level of professionalism to ensure higher ransomware payouts. In the past year, we’ve seen them take a page out of the corporate handbook to diversify, rebrand, and even offer professional services such as technical support, with the goal of keeping their attacks potent.

BlackCat ransomware actors have used their connections or networks with ransomware-as-a-service (RaaS) groups that have considerable experience in the industry to improve their operations.

In March and April 2022, Cuba ransomware operators offered technical support to victims who chose to negotiate and pay the ransom amount.

Conti, one of the most active and widely known ransomware families in recent years, shut down in mid-2022 and rebranded after being tagged as “toxic” because of its Russian ties. Former Conti members rebranded as new ransomware groups, namely Black Basta, BlackByte, Karakurt, and Royal.

LockBit 3.0 actors introduced the first ransomware bug bounty program in June 2022, which offered remuneration to security researchers who would submit vulnerability reports to help improve their operations.


In the latter part of 2022, we saw Agenda, BlackCat, Hive, and RansomExx actors develop versions of their ransomware in Rust, a cross-platform language that is harder for antivirus engines to analyze and detect, to target the Linux operating system.

Linux: 3,790 (2021), 27,602 (2022)
MacOS: 15,154 (2021), 11,000 (2022)

Figure 1. Ransomware operating system (OS) comparison counts
Source: Trend Micro™ Smart Protection Network™

. . .

Malicious actors take advantage of expanding attack surface, failing patches

The top vulnerabilities of 2022 shifted from Microsoft-focused common vulnerabilities and exposures (CVEs) to Log4J CVEs. This is likely because malicious actors took advantage of several Log4J vulnerabilities that were publicized in 2021.

2021 Top 3 CVEs
2022 Top 3 CVEs

Table 1. The top three CVEs in 2021 and 2022
Source: Trend Micro ZDI

During the pandemic, businesses began depending more on virtual private networks (VPNs) for their remote and hybrid work needs, and cybercriminals were quick to take note and take advantage. Cybercriminals have set their sights on certain VPN vulnerabilities, a trend that we also covered in our 2022 midyear cybersecurity report.

Table 2. A monthly record of detected attempts to exploit known VPN vulnerabilities

Top tracked vulnerability: CVE-2018-13379

A path traversal vulnerability in the FortiOS SSL VPN web portal that can allow unauthenticated attackers to download FortiOS system files via specially crafted HTTP resource requests.

The Trend Micro™ Zero Day Initiative™ (ZDI) also recorded its third record-breaking year in 2022 in terms of the number of published advisories. This can be attributed to two factors: an exponential increase in the attack surface and ZDI’s investment in automating analysis, which helped researchers find more bugs in 2022.

2020: 1,453
2021: 1,604
2022: 1,706

Figure 2. The number of published advisories by the ZDI program from 2020 to 2022
Source: Trend Micro ZDI

In 2022, the number of critical-, high-, and medium-severity CVEs increased compared to 2021. The number of critical bugs doubled in 2022 versus 2021, though it did not exceed the number of critical bugs in 2020.

2020: Critical 173, High 983, Medium 187, Low 110, Total 1,453
2021: Critical 54, High 1,138, Medium 148, Low 264, Total 1,604
2022: Critical 110, High 1,191, Medium 177, Low 228, Total 1,706

Figure 3. The severity ratings of published CVEs from 2020 to 2021
Source: Trend Micro ZDI

After studying the vulnerabilities that ran rampant in 2022, we observed that there haven’t been any big shifts in the types of bugs. Instead, we saw a troubling trend — an increase in the number of incomplete or faulty patches.

Failed patches can come from:


Not having enough time or resources to create comprehensive solutions.

Organizations disclosing unspecific information in their public alerts about their vulnerabilities, which provides less information for security teams to work with when applying the patches.

. . .
 

Threat landscape in brief

Overall number of threats blocked in 2022: 146,408,535,569

Blocked email threats: 69,869,979,425 (2021), 79,945,411,146 (2022)

Blocked malicious URLs: 3,468,559,504 (2021), 2,531,040,185 (2022)

Blocked malicious files: 17,834,808,438 (2021), 60,925,991,943 (2022)

Email reputation queries: 89,032,192,911 (2021), 96,888,106,011 (2022)

URL reputation queries: 3,353,131,929,834 (2021), 3,771,452,057,804 (2022)

File reputation queries: 1,920,529,076,114 (2021), 2,080,322,556,495 (2022)

Download our annual cybersecurity report to learn how to harden your cybersecurity defenses against sophisticated, expansive, and ever-evolving threats.
