
Global threat posture report reveals five security trends

Information security

By Ron Burrows. Published 2 years ago. 5 min read

In recent years, as the attack surface has expanded rapidly, the number and variety of security threats facing enterprise organizations worldwide have grown sharply.

Trend 1: vulnerability exploitation surges after the Log4j incident

The global outbreak of the Log4j vulnerabilities at the end of 2021 shows that cyber criminals are weaponizing new vulnerabilities faster than ever before. Exploitation attempts against this vulnerability soared in mid-December, and in less than a month it became the most frequently detected IPS signature of the second half of 2021. By comparison, the volume of Log4j exploitation attempts was as much as 50 times that of the well-known ProxyLogon vulnerabilities disclosed in early 2021.

Trend 2: cyber criminals quickly target new vectors on the attack surface

Some seemingly minor security threats may become highly destructive in the future and deserve constant attention. For example, newly emerging malware exploits Linux vulnerabilities and is delivered as Executable and Linkable Format (ELF) binaries. Because Linux runs the back-end systems of most networks and underpins container-based solutions for Internet of Things (IoT) devices and mission-critical applications, it is increasingly becoming a favored target of network attacks.

In fact, with ELF Muhstik variants, RedXOR malware, and a series of Log4j exploits all treating Linux as a primary target, the rate at which new Linux malware signatures were created by the fourth quarter of 2021 was more than four times that of the first quarter. Meanwhile, detections of ELF and other Linux malware doubled in 2021 compared with previous years. The rapid growth in the number of variants and the scope of attacks means that Linux-targeting ransomware is increasingly becoming a ready-to-use weapon in the cyber criminal arsenal.

Trend 3: ransomware activity is more rampant and more destructive

Since last year, the volume of ransomware attacks has remained high, and threat actors continue to use a variety of new ransomware families to attack business organizations worldwide and cause widespread damage. At the same time, criminals are deliberately updating and enhancing traditional ransomware, such as the infamous Wiper malware, while other ransomware operations are adopting the ransomware-as-a-service (RaaS) business model. RaaS allows many more attackers to use the operators' platforms to distribute malware at will.

The report also found that malicious activity is increasingly bundled with attacks by a variety of ransomware groups, such as the new Phobos variant, Yanluowang and BlackMatter. Regardless of industry or company size, ransomware remains a constant threat to business organizations worldwide.

Trend 4: the evolution of botnets shows that attack techniques are becoming more complex

Botnets are evolving by adopting new and continually upgraded cybercrime attack techniques. They are no longer dominated by a single type of attack, DDoS; operators are turning to more complex, multi-purpose attack tools, such as bundling ransomware into their payloads. For example, criminal groups, including operators of botnets such as Mirai, have integrated Log4j exploits into their attack kits. At the same time, botnet activity has been traced to new variants of RedXOR malware that deliberately target the Linux operating system to loot and steal data.

Trend 5: cyber criminal gangs operating malware are keen to "stir up trouble remotely"

An assessment of the prevalence of malware variants across different regions of the world shows that cyber criminals favor remotely controlled attacks and keep studying and learning new attack vectors. Notably, browser-based malware of all kinds is widespread. Such malware typically relies on phishing lures, injected malicious code, or redirecting users from legitimate websites to malicious ones. Although detections vary by region, the three most widely used distribution mechanisms are Microsoft Office executables (MSExcel/, MSOffice/), PDF files, and browser scripts (HTML/, JS/).

Defending effectively against cyber crime

In the face of unprecedented vulnerability exploitation, enterprise organizations worldwide urgently need to deploy intrusion prevention systems (IPS) powered by artificial intelligence (AI) and machine learning (ML), establish efficient patch management strategies, and achieve comprehensive visibility into threat intelligence, so that rapidly spreading network threats are prioritized and the network's overall security risk is effectively reduced.

As the attack surface expands, enterprise organizations should also strengthen the protection, monitoring and management of Linux systems, and deploy advanced, automated endpoint protection, detection and response. In addition, priority should be given to modernizing the network security environment to achieve proactive protection against seemingly low-level security threats.

In the face of rampant ransomware attacks, enterprise organizations worldwide need to shift from a passive to an active posture, deploying security solutions that fully integrate real-time visibility, real-time analysis, protection and remediation, and deeply integrating zero-trust network access, dynamic intelligent isolation and regular data backups, in order to build a more effective enterprise defense.

In addition, given an unprecedentedly complex security situation, enterprise organizations worldwide urgently need to deploy zero-trust access solutions that enforce least-privilege access, especially to protect the large number of Internet of Things (IoT) terminals and devices connecting to the network. Automated threat detection and response should also be integrated to proactively detect abnormal network behavior in real time.

In particular, work-from-anywhere (WFA) and hybrid learning are increasingly becoming the norm, while the protective layer between malware and potential victims grows ever thinner. Enterprise organizations worldwide urgently need to deploy effective security solutions, including integrated endpoint detection and response (EDR) and zero-trust network access (ZTNA). Given today's expanding network environment, secure SD-WAN solutions are also important for protecting WAN connections.

All in all, current network attacks are growing more complex and are accelerating across the entire attack surface. Enterprise organizations worldwide urgently need to deploy security solutions that work together in a coordinated way, rather than continuing to rely on isolated protection technologies. To defend against escalating attack techniques, more intelligent solutions are needed that can obtain real-time threat intelligence, detect and identify threat patterns and fingerprints, correlate massive volumes of data to detect abnormal activity, and automatically initiate a coordinated response. In addition, enterprise organizations should move away from traditional point products and build a cybersecurity mesh platform that supports centralized management, automation and coordinated operation of the various locally deployed security solutions, enabling effective defense against fast-growing and complex cybercrime.
