Inadequate patches and advisories increase cyber risk

Trend Micro’s overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who went after both consumers and organizations in all sectors.

Trends for 2022 and beyond

The top three MITRE ATT&CK techniques show us that threat actors are gaining initial access through remote services, then expanding their footprint within the environment through credential dumping to utilize valid accounts.

An 86% increase in backdoor malware detections reveals threat actors trying to maintain their presence inside networks for a future attack. These backdoors primarily targeted web server platform vulnerabilities.

A record number of Zero Day Initiative (ZDI) advisories (1,706) for the third year in a row is the result of a rapidly expanding corporate attack surface and researcher investment in automated analysis tools, which are finding more bugs. The number of critical vulnerabilities doubled in 2022. Two out of the top three CVEs reported in 2022 were related to Log4j.

The ZDI observed an increase in failed patches and confusing advisories, adding extra time and money to corporate remediation efforts and exposing organizations to unnecessary cyber risk.

Webshells were the top-detected malware of the year, surging 103% on 2021 figures. Emotet detections were second after undergoing something of a resurgence. LockBit and BlackCat were the top ransomware families of 2022.

Ransomware groups rebranded and diversified in a bid to address declining profits. In the future, Trend Micro expects these groups to move into adjacent areas that monetize initial access, such as stock fraud, business email compromise (BEC), money laundering, and cryptocurrency theft.