The ability to guard against attacks and malware designed to exploit vulnerabilities means keeping up with trends and predictions to inform your security strategy. Understanding the changing environment is imperative for security professionals to mount a strong defense against sophisticated malware attacks.
We are pleased to announce the release of the Palo Alto Networks Unit 42 Network Threat Trends Report Vol. 2, which focuses on the latest trends in malware and the evolving threat landscape. The insights in this report will provide security teams with a better understanding of what is to come for malware and recommendations for organizations to improve their security posture.
Executive Summary:
In this report, the Palo Alto Networks Unit 42 research team shares current trends in malware and the evolving threat landscape. This includes an analysis of the most common types of malware and their methods of distribution. With the growing volume and sophistication of today’s threats, it’s critical for network security professionals to understand the threat landscape and how to properly defend against it.
The insights provided in this report are intended to give you a better understanding of how the threat landscape is evolving and provide security recommendations for organizations to protect themselves.
Most findings are based on data and observations we gathered in 2022 and are a comparison to one year earlier. Data for AI was collected between November 2022 and April 2023. Here are some key highlights of the findings:
- We’ve seen a boom in traditional malware techniques taking advantage of interest in AI/ChatGPT.
- The ratio of malware impacting industries using Operational Technology (OT) has increased by 27.5%.
- Exploitation of vulnerabilities increased 55% compared to 2021.
- PDFs are the most popular file type for delivering malware as email attachments (66.6% of all attachments).
- While nearly 49% of network communication generated during sandbox analysis (including both malicious and benign files) uses encrypted SSL for its traffic, 12.91% of network traffic generated by malware (such as phoning home, getting time calibration) is encrypted with SSL.
- Cryptominer traffic doubled in 2022.
We will also discuss emerging advanced threats that organizations should be aware of. Sophisticated multivector attacks are designed to elude detection using an array of evasion tools and camouflage techniques. The result is a significant strain on IT and security teams charged with strengthening the organization’s security posture. Armed with expert knowledge and recommendations, you can make your organization a less tempting target.
What’s Next for Malware:
Leveraging data collected from the Palo Alto Networks Advanced WildFire malware prevention engine, coupled with insights gathered by the Unit 42 threat research team throughout 2022 and early 2023, we have formulated four predictions regarding the future direction of malware. These predictions are derived from careful analysis of the trends observed within the collected data, revealing crucial behaviors that warrant close attention and proactive protection measures.
1. Malware will increasingly employ red team tools to avoid detection.
Malware attacks will continue to become increasingly complex and leverage advanced tools, such as Cobalt Strike and Metasploit, to avoid detection. These tools, originally designed for legitimate security purposes, have unfortunately been repurposed by threat actors to exploit vulnerabilities and gain unauthorized access to systems. These tools offer functionalities such as social engineering, phishing, spear-phishing, and post-exploitation techniques, enabling attackers to infiltrate networks, maintain persistence, and move laterally across compromised systems.
2. More malware families will use SSL-encrypted traffic to blend in with benign network traffic.
Threat actors are adopting tactics that mimic legitimate businesses. Currently, 12.91% of network traffic generated by malware is SSL encrypted. By mimicking legitimate network traffic and employing sophisticated evasion techniques, bad actors increase their chances of remaining undetected for prolonged periods, exacerbating the potential damage they can inflict.
3. Vulnerabilities, especially within OT systems and IoT devices, will continue to rank among the primary entry points for the propagation of malware, posing a significant initial threat vector.
The annual rise in newly discovered vulnerabilities poses a growing challenge for organizations, making it increasingly difficult to prioritize patching and mitigate the associated risks of exploitation in a timely manner. In fact, in 2022, the exploitation of vulnerabilities witnessed a staggering 55% increase when compared to the previous year. This trend in the growing attack surface compels attackers to actively target both old and new vulnerabilities, resulting in organizations being exposed to a higher risk of compromise and unauthorized access.
4. Traditional scam techniques will take advantage of AI trends.
With the widespread popularity of ChatGPT and the emergence of various AI-related tools and trends, scammers are poised to exploit users’ enthusiasm, particularly through traditional scams like domain squatting. There has been a noticeable surge in traditional malware techniques that capitalize on the escalating interest in AI and ChatGPT. Given the current trajectory, we anticipate this trend to persist and even intensify in the future.
Recommendations for Your Security Strategy:
Assessing your security strategy against trends and predictions can help you discover the right tools and best practices to deploy. To enhance your organization's security and minimize its attractiveness as a target, we recommend the following:
1. Address the increasing complexity of threats with comprehensive oversight.
Comprehensive oversight entails adopting a holistic perspective of your security landscape. It is crucial to integrate robust security capabilities at all levels of your hybrid cloud environment, including hardware, firmware, operating systems, and software. Emphasize securing data at rest, in transit, and during usage to ensure comprehensive protection. Additionally, it is essential to promote a culture where security best practices are embraced by everyone within the organization. Collaborative efforts between compliance, security operations, and human resources departments are vital to ensure that security protocols are diligently followed at every level of your organization.
2. Use decryption best practices to expose potential threats.
To effectively combat the rise in malicious encrypted traffic, it is essential to enable decryption capabilities on your next-generation firewalls. This empowers security teams to inspect and exert control over SSL/TLS and SSH traffic, thereby detecting and preventing threats that would otherwise remain concealed within encrypted communications. By utilizing virtual machine introspection (VMI) to capture the symmetric keys for each SSL connection, the detection of malware can occur seamlessly and covertly. This approach enables security measures to proactively analyze encrypted traffic and effectively neutralize potential threats that may attempt to exploit this hidden avenue.
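The practical first step behind this recommendation is knowing which encrypted sessions your decryption policy actually covers and which it leaves as blind spots. The following Python is an added example, not code from the report or from Palo Alto Networks: it reads constructed, JSON-formatted session records (the field names `tls`, `decrypted`, `sni` and `verdict` are an assumption for this example, not a real firewall log schema), reports the share of sessions that are encrypted overall and among malware-verdict sessions (the same two ratios the report's 49% and 12.91% figures describe), and lists the TLS sessions that were not decrypted, ranked by how much signal they carry.

```python
import json

# Constructed sample of firewall session records (not real data). Each record says
# whether the session used TLS, whether the decryption policy actually applied to it,
# the SNI seen in the handshake, and the sandbox verdict for the associated flow.
SAMPLE_LOGS = [
    '{"src":"10.0.1.15","dst":"203.0.113.10","dport":443,"tls":true,"decrypted":true,"sni":"updates.example.com","verdict":"benign"}',
    '{"src":"10.0.1.15","dst":"198.51.100.7","dport":443,"tls":true,"decrypted":false,"sni":"","verdict":"malware"}',
    '{"src":"10.0.1.22","dst":"198.51.100.9","dport":8443,"tls":true,"decrypted":false,"sni":"","verdict":"malware"}',
    '{"src":"10.0.1.22","dst":"203.0.113.25","dport":80,"tls":false,"decrypted":false,"sni":"","verdict":"malware"}',
    '{"src":"10.0.1.30","dst":"203.0.113.40","dport":443,"tls":true,"decrypted":true,"sni":"mail.example.com","verdict":"benign"}',
    '{"src":"10.0.1.30","dst":"203.0.113.41","dport":443,"tls":true,"decrypted":false,"sni":"bank.example.net","verdict":"benign"}',
]


def parse_logs(lines):
    """One JSON object per line; malformed lines would raise, which is what we want in an audit."""
    return [json.loads(line) for line in lines]


def encrypted_share(records, verdict=None):
    """Fraction of sessions that used TLS, optionally restricted to one sandbox verdict."""
    subset = [r for r in records if verdict is None or r["verdict"] == verdict]
    if not subset:
        return 0.0
    return sum(1 for r in subset if r["tls"]) / len(subset)


def decryption_gaps(records):
    """TLS sessions the decryption policy did not cover, each with the reasons it matters."""
    gaps = []
    for r in records:
        if not r["tls"] or r["decrypted"]:
            continue
        reasons = []
        if r["verdict"] == "malware":
            reasons.append("malware verdict")
        if r["dport"] != 443:
            reasons.append(f"TLS on non-standard port {r['dport']}")
        if not r["sni"]:
            reasons.append("no SNI")
        gaps.append({"dst": r["dst"], "dport": r["dport"], "reasons": reasons})
    # Highest-signal blind spots first; sort is stable so ties keep log order.
    gaps.sort(key=lambda g: len(g["reasons"]), reverse=True)
    return gaps


def coverage_report(lines):
    """Summarize decryption coverage and list the uncovered TLS sessions."""
    records = parse_logs(lines)
    tls = [r for r in records if r["tls"]]
    covered = sum(1 for r in tls if r["decrypted"])
    return {
        "tls_sessions": len(tls),
        "decrypted": covered,
        "coverage": covered / len(tls) if tls else 0.0,
        "encrypted_share_all": encrypted_share(records),
        "encrypted_share_malware": encrypted_share(records, "malware"),
        "gaps": decryption_gaps(records),
    }


if __name__ == "__main__":
    print(json.dumps(coverage_report(SAMPLE_LOGS), indent=2))
```

Sessions that reach the top of the gap list (malware verdict, TLS on an unusual port, no SNI) are the ones a decryption exclusion should never cover; a benign session to a banking host that ends up at the bottom is the kind of deliberate exclusion the policy can document instead.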
3. Respond to growing vulnerabilities with an effective patch management process.
Maintaining an up-to-date patch management process is crucial for mitigating the impact of vulnerabilities. To minimize the risk of attacks, it is essential to develop a comprehensive process that enables swift patching of newly discovered vulnerabilities. By promptly applying patches and updates, organizations can significantly reduce the window of vulnerability and the potential for exploitation.
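The hard part of this recommendation is the prioritization it implies when more vulnerabilities arrive than can be patched at once. The following Python is an added example, not code from the report or from Palo Alto Networks: it keeps a small constructed inventory of findings (placeholder ids such as `VULN-001`, not real CVEs), measures each finding's window of vulnerability from disclosure to patch, orders the open findings into a patch queue, and flags the ones already past their SLA. The scoring weights and SLA days are assumptions chosen for the example, not figures from the report.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    vuln_id: str              # placeholder identifier, not a real CVE
    asset: str
    cvss: float               # base score, 0-10
    exploited_in_wild: bool
    internet_facing: bool
    disclosed: date
    patched: Optional[date] = None   # None while the fix is still pending


def exposure_days(f: Finding, today: date) -> int:
    """Window of vulnerability: disclosure until patch, or until today if still open."""
    end = f.patched or today
    return max((end - f.disclosed).days, 0)


def priority_score(f: Finding, today: date) -> float:
    """Higher means patch sooner. The weights are an assumption for this example."""
    score = f.cvss
    if f.exploited_in_wild:
        score += 5.0          # confirmed exploitation outweighs any base-score gap
    if f.internet_facing:
        score += 2.0
    # Each open week adds pressure, capped so age alone never outranks exploitation.
    score += min(exposure_days(f, today) / 7.0, 3.0)
    return round(score, 2)


def patch_queue(findings, today):
    """Unpatched findings ordered by priority, highest first."""
    open_findings = [f for f in findings if f.patched is None]
    return sorted(open_findings, key=lambda f: priority_score(f, today), reverse=True)


def severity_tier(f: Finding) -> str:
    """Exploited-in-the-wild or CVSS >= 9 is critical; CVSS >= 7 is high; the rest is other."""
    if f.exploited_in_wild or f.cvss >= 9.0:
        return "critical"
    if f.cvss >= 7.0:
        return "high"
    return "other"


def sla_breaches(findings, today, sla_days=None):
    """Open findings whose exposure already exceeds the SLA for their tier (assumed SLA values)."""
    if sla_days is None:
        sla_days = {"critical": 7, "high": 30, "other": 90}
    breaches = []
    for f in findings:
        if f.patched is not None:
            continue
        tier = severity_tier(f)
        days = exposure_days(f, today)
        if days > sla_days[tier]:
            breaches.append((f.vuln_id, tier, days))
    return breaches


# Constructed inventory for the example (placeholder ids and hostnames, not real findings).
TODAY = date(2023, 5, 1)
INVENTORY = [
    Finding("VULN-001", "vpn-gw-01", 9.8, True, True, date(2023, 4, 20)),
    Finding("VULN-002", "hmi-plc-02", 7.5, False, False, date(2023, 1, 15)),
    Finding("VULN-003", "web-app-03", 6.1, False, True, date(2023, 4, 28)),
    Finding("VULN-004", "file-srv-04", 8.8, False, False, date(2023, 3, 1), patched=date(2023, 3, 10)),
]


if __name__ == "__main__":
    for f in patch_queue(INVENTORY, TODAY):
        print(f"{f.vuln_id:9} {f.asset:12} score={priority_score(f, TODAY):6.2f} open={exposure_days(f, TODAY)}d")
    print("SLA breaches:", sla_breaches(INVENTORY, TODAY))
```

The OT host `hmi-plc-02` is the instructive case: its score is modest, yet it is the longest-open finding and well past SLA, which is exactly the situation the report's OT numbers point at, where patching is slow because the device cannot simply be rebooted on demand.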
4. Adopt a Zero Trust mindset for enhanced security.
The adoption of a Zero Trust approach eradicates any implicit trust assumptions within the organization by consistently validating digital transactions. By implementing Zero Trust best practices, such as deploying controls across all environments (on-premises, data center, and cloud), security teams can effectively bolster their defenses against highly sophisticated and evasive threats.