Deep Instinct Threat Report Says Attacks More Numerous, More Evasive
Cyberattacks remain over double pre-pandemic levels, according to a new report from Deep Instinct. Perhaps even more troubling, attacks are focusing on new targets, including AI/ML protections.
Bad actors are becoming more successful at evading AI/ML technologies, prompting organizations to redouble efforts in the innovation race, according to a recent 2022 report from Deep Instinct.
The 2022 Deep Instinct Threat Landscape Report finds the volume of malicious attacks is more than double pre-pandemic levels and focuses on new targets. To assemble the report, the Deep Instinct research team carefully tracked attack volumes and types, then extrapolated their findings to forecast
- where cybersecurity is headed in the future,
- assess what motivates attackers, and, most crucially,
- outline the steps businesses should take today to protect themselves in the future.
As a result of on-going and escalating attacks in 2021, Deep Instinct CEO Guy Caspi noted security remains a heightened priority for many enterprises in 2022.
While ransomware attacks slowed down in 2021 since the peak of the COVID-19 outbreak (and the surge in work-from home), such attacks increased at a double digit rate (15.8 percent), the Deep Instinct report found.
“Last year proved to both CISOs and cyberattackers that work-from-anywhere and hybrid models would likely become a permanent fixture. CISOs will need to carefully review, monitor, and update security considerations to ensure full coverage and protection,” it said.
Such ongoing security investments in 2022 are clearly warranted Caspi noted.
"Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they're just now getting on a global level,” Caspi said. The results of this research shed light on the wide-ranging security challenges that organizations face daily.”
While companies invest in AI/ML to thwart ransomware, such strategies can have mixed results, the report also noted. That’s because attackers are focusing their energies and resources on overcoming these strategies.
In specific, the report found, “Bad actors are clearly investing in anti-AI and adversarial attack techniques and integrating these methods into their larger evasion strategy.” Deep Instinct’s report said in part:
A ransomware attack can affect any organization, regardless of size, industry, or location. As more and more security vendors use machine learning (ML) and artificial intelligence (AI) in their products and take actions to improve their existing defense mechanisms, bad actors will also continue to hone and improve efforts to evade and fool both traditional and AI-based defenses. Defense evasion and privilege escalation are becoming more prevalent and we expect to see a continuation of EPP/EDR evasion techniques in 2022.
Other 2022 Deep Instinct Cyber Threat Landscape Report Findings
Additional Deep Instinct report findings also included these takeaways:
- Supply chain attacks: In the past year, large service-oriented firms have been the focus of massive supply chain attacks, with threat actors attempting to obtain access to their environments and the environments of their customers via proxy. Kaseya, the most well-known supply chain attack, exploited an unpatched zero-day vulnerability to compromise over 1,500 firms.
- The move from stealth and long dwell-time attacks to high-impact and high-profile attacks: In 2021, Deep Instinct experienced a shift from stealth and extended dwell-time attacks to high-profile attacks with tremendous impact. The Colonial Pipeline breach, which halted operations for six days, creating substantial disruptions across the United States and demonstrating the huge and cascading consequences of a well-executed malware attack, was the most important incident of 2021.
- Public and Private Sector collaborations is becoming more common: As Deep Instinct had predicted, there was greater partnership amongst international task forces this past year to identify and bring to justice key threat actors worldwide. In early 2021, an international task force coordinated by Europol and Eurojust seized Emotet infrastructure and arrested some of its operators. Other high-profile threat actors such as Glupteba became the target of private companies that joined forces to interrupt their activity as much as possible.
- The immediate impact of zero-day: In 2021, attacks bore fruit within a single day. The report found major vulnerabilities were exploited and used within a single day of disclosing the vulnerability. One example was the HAFNIUM Group, which surfaced shortly after Microsoft revealed multiple zero-day vulnerabilities, according to Deep Instinct.
- Cloud has become a gateway for attackers: Many firms are enabling most of their services in the cloud rather than on-premises because of the shift to remote work. Misconfigurations or vulnerable, out-of-date components with external API access could be abused by persons who are unfamiliar with working with cloud services.
Deep Instinct takes what Caspi calls a “prevention-first approach” to stopping ransomware and other malware. It uses “a purpose-built, deep learning cybersecurity framework,” which can predict and prevent known, unknown, and zero-day threats in <20 milliseconds, he added.
More info on Deep Instinct's 2022 Threat Landscape Report is available here.