Palo Alto's Findings: 66 Percent Of Cybercriminals Send Malware Through PDF
JAKARTA - Palo Alto Networks recently published Volume 2 of Unit 42 Network Threat Trends Research Report. The report identifies a malware threat trend and provides the most significant and commonly found malware trend analysis in cyberspace.
Based on the report, the level of vulnerability exploitation has almost doubled from 147,000 attempts in 2021 to 228,000 in 2022.
Threat actors exploit both the vulnerabilities that have been revealed and those that have not, including long-distance code execution (RCE), email, compromised websites, newly registered domains (NRD), ChatGPT/AI fraud, and cryptominer traffic.
"The threat actors are currently behaving very similar to mutants, who can change shape and continuously adapt their tactics to sneak through the loopholes of a network of interconnected organizations," said Steven Scheurmann, Regional Vice President, ASEAN, Palo Alto Networks in a statement received in Jakarta.
According to Steven, threat actors are increasingly proficient in exploiting vulnerabilities, and by a time when security experts and software vendors managed to close one vulnerability door, cybercriminals had found the next door to open.
Some of the main findings of the report include:
Vulnerability exploitation has increased. There has been an increase of up to 55% in vulnerability exploitation efforts, on average per customer, compared to 2021.
PDF is the most popular type of file to send malware: PDF is a major type of malicious email attachment, 66% of threat actors use it to send malware via email.
ChatGPT scam: Between November 2022 April 2023, Unit 42 observed a 910% increase in monthly registration for domains, both harmless and dangerous, associated with ChatGPT, in a bid to emulate ChatGPT.
Malware targeting industries with OT technology is increasing: The average number of malware attacks experienced per organization in the manufacturing, utility and energy industries increased by 238% (between 2021 and 2022).
另请阅读:
Linux malware continues to increase, targeting cloud workloads: The attackers are looking for new opportunities in cloud workloads and IoT devices operating on the Unix-like operating system. The most common types of threats to Linux systems are: botnet (47%), coin miners (21%), and backdoor (11%).
Cryptominer traffic is also increasing: With the number continuing to multiply, cryptomining continues to be an area of interest to threat actors, with 45% of sample organizations having a history of triggering attack markers containing cryptominer-related traffic.
Recently Registered Domains: To avoid detection, threat actors use newly registered domains, newly registered domains (NRD), for phishing, social engineering, and spreading malware. Threat actors are more likely to target people visiting adult websites (20.2%) and financial service sites (13.9%) with NRD.
The Threat Of Impulsion Will Continue To Develop More Complex: Attackers will reuse one. However, when security vendors start detecting it, attackers respond by switching to more advanced techniques.
Encrypted Malware in Traffic will Continue to Increase: 12.91% of malware traffic has been encrypted by SSL. It is estimated that the family' of the malware that uses SSL encrypted traffic to blend with harmless network traffic will continue to grow.