2022 Threat Landscape Report claims that threat actors are rapidly learning how to evade AI/ML technologies

Published: Wednesday, 02 March 2022 09:39

Deep Instinct has released findings from its bi-annual Threat Landscape Report. The Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated their findings to predict where the future of cyber security is heading. One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race.

Specific attack vectors have grown substantially, including a 170 percent rise in the use of Office droppers along with a 125 percent uptick in all threat types combined. The volume of all malware types is substantially higher versus pre-pandemic. In addition, threat actors have made a discernible shift away from older programming languages, such as C and C++, in favor of newer languages, such as Python and Go. Not only are these newer languages easier to learn and to program versus their predecessors, but they also have been less commonly used and are therefore less likely to be detected by cyber security tools or analyzed by security researchers.

Other key findings include:

While the increase in the highest profile threat, ransomware, has not continued to increase at the exponential rates initially seen during the outbreak of COVID-19 in spring 2020, Deep Instinct has still recorded double digit (15.8 percent) growth of these threats in 2021. Last year proved to both CISOs and cyber attackers that work-from-anywhere and hybrid models would likely become a permanent fixture. CISOs will need to carefully review, monitor, and update security considerations to ensure full coverage and protection.

A ransomware attack can affect any organization, regardless of size, industry, or location. As more and more security vendors use machine learning (ML) and artificial intelligence (AI) in their products and take actions to improve their existing protective mechanisms, bad actors will also continue to hone and improve efforts to evade and fool both traditional and AI-based defenses. Defense / defence evasion and privilege escalation are becoming more prevalent and Deep Instinct expects to see a continuation of EPP/EDR evasion techniques in 2022. Bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.

Obtain the report