Key highlights of the second half of 2022:
Don’t count out the old
We saw the resurgence of familiar names in the malware, wiper, and botnet space, including Emotet and GandCrab, to name a few, as well as code reuse (old code recompiled into new variants). This is a reminder that old malware and threats never die; they simply crawl back into the shadows and wait patiently for another turn.
Ransomware and Wipers
Volume is still growing: There’s been a 16% increase in both ransomware and wipers. However, when we look at a quarterly breakdown, we see that wiper volume increased an astonishing 53% between Q3 and Q4 of 2022.
Introducing “The Red Zone”
Less than 1% of the total observed vulnerabilities discovered in an enterprise-sized organization were present on endpoints and actively under attack. This insight gives CISOs a clear view of the “Red Zone”, the portion of the attack surface that is actually being attacked.
Raspberry.Robin: a new bot with an old trick
1 in 84 organizations that detected botnet activity was impacted by this new botnet, which only entered the bot scene in September.
Exchange becomes a post-exploitation hotpot
Hardening of Exchange servers has thwarted much of the initial-access targeting. However, adversaries’ familiarity with the associated services means Exchange servers have become a hotbed for post-exploitation activity.
Keep an eye out for Pre-ATT&CK
Adversaries are dedicating more resources to the Reconnaissance and Weaponization phases of their attacks. As this approach becomes the de facto standard among threat actors, defenders must keep pace by using intelligence gathered from these phases.