Network Threat Trends: Exploitations of Vulnerabilities on the Rise
Unit 42, the research team at Palo Alto Networks, has released its Network Threat Trends report for 2022 and early 2023. The report reflects the growing concern about existing flaws in software code, with 55 percent more exploitations of vulnerabilities in software than in 2021. This growth started in 2019 and continues to be a major issue.
PDFs Popular for Email Infections
Malicious parties can use fake PDFs to scam people by email with a little persuasion. Although it takes some ‘social engineering’ to disguise a suspicious email, 66 percent of email infections use this file type. This compares with 9.79 percent for .exe files, 7.85 percent for .xls and 6.47 percent for .xlsx (Excel). People should be wary of PDFs from suspicious sources.
Remote Code Execution and OT Attacks
Other continuing trends include the popularity of remote code execution, where exploits through a number of steps can lead to infiltration and advanced modifications to internal infrastructure. Attacking v and cloud workloads and IoT devices stand out, with 47.3 percent of attackers aiming to install a botnet. A further 21.6 percent want to activate crypto mining via a coinminer, while 11.1 percent are intended for a backdoor.
Organizations should also be aware of the increasing number of OT attacks, i.e. on critical infrastructure such as production, water supply or energy companies. These types of attacks increased by a staggering 238 percent from 2021.
AI Hype Leads to Impersonation Attempts
The AI hype surrounding ChatGPT has led to an explosion of impersonation attempts and website registrations that aim to exploit that hype, often for deception. From November 2022 to April 2023, domain registrations that often imitate AI services like ChatGPT increased by 910 percent. This includes so-called “grayware”, such as adware, spyware and programs that the user did not want to install.
Unit 42 points to inadequate patching by organizations, but also to a lack of clear accountability by software vendors. Old vulnerabilities for which a patch has often been available for a long time remain stubbornly present. Organizations should ensure that they are up to date with their patching and software updates to avoid falling victim to these threats.