Remote work has become the new normal for many, paving the way for employees to work from anywhere in the world. This, in turn, has redefined network security for enterprises. Dissolving the perimeter has expanded the network threat landscape and required a fundamental shift in how we approach network security for the modern automated and evasive threats that bypass detection.
In our first 2022 Unit 42 Network Threat Trends Research Report, we provide insight into the 11,841 newly reported network vulnerabilities of 2021 and reveal the 20 emerging advanced threats of 2022 and 2023 to watch out for. These critical insights help us understand how the network threat landscape will evolve so we can provide you, the security professional, insights and recommendations to protect your organization and reduce risk.
The Ever Growing Threat Landscape
It’s clear that threats have increased exponentially with no signs of slowing down. We witnessed millions of active exploitation attempts in 2021 for Log4Shell alone, a significant rise in the number of attacks, and the malicious ratio of file-based threats almost doubled from the previous year. Furthermore, we observed several other key insights about the evolving network threat landscape, including:
- 262 million network exploit attempts in 2021, which mostly targeted high-severity vulnerabilities.
- Roughly 75% of the attacks targeting critical vulnerabilities involve remote code execution – an attacker's favorite type of exploit since it often enables them to compromise and take over the target machine, yielding higher control and accessibility within the victim’s network.
- Threat actors are still successfully using older strains of malware, with Barber as the most common and prevalent malware family detected in 2021 – a malware strain that was first observed in 2004.
We expect to see threat actors continue to elevate and expand their attacks throughout 2022 and beyond. But how and what can you do?
Bypassing Defenses with Automation and Evasion
Threat actors are now using automation and as-a-service offerings, sophisticated tools, and evasive tactics to bypass today’s security defenses. Using these tools and approaches, often Remote Access Trojans (RATs) or variations of popular Red Team tools, adversaries have improved the speed and success rate of attacks.
These tools make it easier than ever for attackers to land unknown malware and create completely customizable Command-and-Control (C2) channels that cannot be stopped with traditional approaches. As we know, C2 is late in the attack lifecycle and the last opportunity for a network defender to stop a malicious actor before they pivot to actioning on their objective, which can include delivering ransomware, expanding their footprint, gathering intel, or other nefarious actions. This makes it critical for security teams to prevent malicious C2 at lightning speed.
Staying Ahead of Threats
With the surge in attacks continually increasing, it’s imperative to understand how threat actors are operating today to secure the future. By reading this report, we hope organizations will be able to improve their security posture and better defend against persistent threats, thereby mitigating risk, lowering response times, and maximizing security investments. To gain insight into the network threat landscape and learn effective mitigation strategies, check out the 2022 Unit 42 Network Threat Trends Research Report.