2022 Threat Landscape Report claims that threat actors are rapidly learning how to evade AI/ML technologies
- Published: Wednesday, 02 March 2022 09:39
Deep Instinct has released findings from its bi-annual Threat Landscape Report. The Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cyber security is heading. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.
Specific attack vectors have grown substantially, including a 170 percent rise in the use of Office droppers along with a 125 percent uptick in all threat types combined. The volume of all malware types is substantially higher versus pre-pandemic. In addition, threat actors have made a discernible shift away from older programming languages, such as C and C++, in favor of newer languages, such as Python and Go. Not only are these newer languages easier to learn and to program versus their predecessors, but they also have been less commonly used and are therefore less likely to be detected by cyber security tools or analyzed by security researchers.
Other key findings include:
- Supply chain attacks: large service offering companies became targets of significant supply chain attacks this past year with threat actors looking to not only gain access to their environments, but also target the environments of their customers by proxy. The most notable supply chain attack, Kaseya, compromised more than 1,500 companies through one unpatched zero-day vulnerability.
- The shift to high-impact and high-profile attacks vs. stealth and long dwell-time attacks: in 2021, Deep Instinct saw a transition to high-profile attacks with a massive impact. The most significant incident in 2021 was the Colonial Pipeline breach, which halted operations for six days, causing major disruptions across the US and demonstrated the significant and cascading impact of a well-executed malware attack.
- Public and private sector collaborations become more common: there was greater partnership amongst international task forces this past year to identify and bring to justice key threat actors around the world. In early 2021, an international taskforce coordinated by Europol and Eurojust seized Emotet infrastructure and arrested some of its operators. Other high-profile threat actors such as Glupteba became the target of private companies that joined forces to interrupt their activity as much as possible.
- The immediate impact of zero-day: in 2021, there were major vulnerabilities being exploited and used within a single day of disclosing the vulnerability. One of the examples was the HAFNIUM Group, which surfaced shortly after Microsoft revealed multiple zero-day vulnerabilities.
- Cloud as a gateway for attackers: the transition to remote work has prompted many organizations to enable most of their services in the cloud rather than on premises. For those that are not experienced working with cloud services, there is the risk that misconfigurations or vulnerable, out-of-date components with external API access could be exploited.
While the increase in the highest profile threat, ransomware, has not continued to increase at the exponential rates initially seen during the outbreak of COVID-19 in spring 2020, Deep Instinct has still recorded double digit (15.8 percent) growth of these threats in 2021. Last year proved to both CISOs and cyber attackers that work-from-anywhere and hybrid models would likely become a permanent fixture. CISOs will need to carefully review, monitor, and update security considerations to ensure full coverage and protection.
A ransomware attack can affect any organization, regardless of size, industry, or location. As more and more security vendors use machine learning (ML) and artificial intelligence (AI) in their products and take actions to improve their existing protective mechanisms, bad actors will also continue to hone and improve efforts to evade and fool both traditional and AI-based defenses. Defense / defence evasion and privilege escalation are becoming more prevalent and Deep Instinct expects to see a continuation of EPP/EDR evasion techniques in 2022. Bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.