KUALA LUMPUR, July 6 – Palo Alto Networks, the global cybersecurity leader, has released Volume 2 of its Unit 42 Network Threat Trends Research Report, revealing alarming trends in malware delivery and vulnerability exploitation. The report, which analyzed global telemetry from Palo Alto Networks’ advanced security tools, highlighted the evolving tactics employed by threat actors and the urgent need for organizations to enhance their cybersecurity defenses.

According to the report, vulnerabilities remain a preferred method for threat actors to infect victims, with a 55% increase in exploit attempts over the past year. This surge reflects a rise from 147,000 attempts in 2021 to 228,000 in 2022. Threat actors are exploiting both disclosed and undisclosed vulnerabilities; the report also tracks remote code execution (RCE), compromised websites, malicious emails, newly registered domains (NRDs), ChatGPT/AI scams, and cryptominer traffic.

Steven Scheurmann, Regional Vice President, ASEAN at Palo Alto Networks, expressed concern over the adaptability and agility of modern threat actors. He said, “Today’s threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks of our interconnected network. With a cunning blend of evasion tools and camouflage methods, the bad actors have weaponized the threats. They have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open. Organizations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks.”
The report highlighted several key findings that underscore the urgency for organizations to bolster their defenses:

Exploitation of vulnerabilities has increased: On average, there has been a 55% increase in vulnerability exploitation attempts per customer compared to 2021.

PDFs are the most popular file type for delivering malware: The report found that PDFs are the primary malicious email attachment type, accounting for 66% of malware delivered via email.

ChatGPT scams are on the rise: Unit 42 observed a 910% increase in monthly domain registrations related to ChatGPT, including both benign and malicious domains. Threat actors aim to exploit the popularity of ChatGPT to deceive and manipulate unsuspecting users.

Malware targeting industries using OT technology is increasing: The manufacturing, utilities, and energy industries saw a sharp increase of 238% in the average number of malware attacks per organization between 2021 and 2022.

Linux malware targeting cloud workload devices: As an estimated 90% of public cloud instances run on Linux, attackers are increasingly focusing on exploiting cloud workloads and IoT devices operating on Unix-like systems. The most common threats against Linux systems include botnets (47%), coinminers (21%), and backdoors (11%).

Cryptominer traffic is on the rise: Cryptomining, a lucrative activity for threat actors, doubled in 2022. Approximately 45% of the surveyed organizations reported a history of cryptominer-related traffic.

Newly Registered Domains (NRDs) as a tool for threat actors: To evade detection, cybercriminals use newly registered domains (NRDs) for phishing, social engineering, and malware distribution. Notably, adult websites (20.2%) and financial services (13.9%) are the most common categories for NRD-based attacks.

Increasingly complex evasive threats: Attackers are continually refining their tactics, transitioning from basic evasions to more advanced techniques as security vendors detect and block known methods. This requires organizations to adopt comprehensive security measures capable of countering sophisticated attacks.

Rising prevalence of encrypted malware in traffic: Already, 12.91% of malware traffic is SSL encrypted. Malware families leveraging SSL-encrypted traffic to blend with benign network activity are expected to grow further as threat actors mimic legitimate business practices.

Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks, emphasized the enduring efficacy of PDFs as a malware delivery method. He stated, “As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware. Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims. Organizations must, therefore, take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organization.”
The report serves as a stark reminder of the ever-evolving threat landscape and the pressing need for organizations to remain vigilant and enhance their cybersecurity measures. Proactive defense strategies, continuous monitoring, and user education are crucial in combating the persistent and increasingly sophisticated cyber threats that organizations face today.