The ZeroFox Threat Landscape Reports | Each quarter, the Zerofox Intelligence team analyzes billions of data points to expose the most critical security statistics, trends, and insights.
Each quarter, the Zerofox Intelligence team analyzes billions of data points to expose the most critical security statistics, trends, and insights.
The steady increase in social engineering campaigns, vulnerability exploits, and ransomware impacts all sectors and illustrates one thing: adversaries aim to exploit the human element for increasingly effective attacks. Here’s what you need to know.
Ongoing geopolitical risks from the war in Ukraine and expected threats such as vulnerability exploits and ransomware remain persistent and consistent, with threat actors conducting increasingly more damaging attacks. Here’s what you need to know.
The ZeroFox intelligence findings for Winter 2022 reveal a concerning reality: as business remains focused on fortifying internal security, threat actors continue to exploit opportunities beyond the perimeter. Protecting against these threats before they hit your environment must become a point of emphasis for a unified cybersecurity program.
Social engineering remained one of the most frequently reported intrusion tactics in Q3, across all industries. This increasing trend will surely continue based on the effectiveness of tactics like smishing, callback phishing (vishing), and phishing techniques that bypass MFA.
- Malicious email attachments remain a prominent method of disseminating malware.
- Threat actors are very likely to continue targeting desirable employees in job-related scams—especially those in leadership positions with elevated access levels, which increases the risk of financial harm or corporate exposure.
Cybercriminals use social engineering in 98% of attacks.
72+ CVEs were disclosed per day in Q3 2022.
The threat from Common Vulnerabilities and Exposures (CVEs) and previously-unknown software vulnerabilities (zero-days) increased in Q3 2022 – likely representing the new normal for exploit disclosures. What’s more, high-profile vulnerabilities disclosed this quarter will continue to be exploited by threat actors despite the longstanding availability of patches.
- Vulnerabilities in the cloud and network perimeter — including routers, firewalls, and commonly-used software modules — will likely continue to dominate the exploit landscape.
- Threat actors will continue to leverage high-profile vulnerabilities in widely-used software long after security patches were released.
Initial Access Brokers (IABs)
ZeroFox Intelligence saw a steady flow of attempts to sell illicit access to secure networks, based on monitoring covert communications channels and open marketplaces – and beyond. Most IABs continue to be driven by financial gain rather than ideological objectives.
- ZeroFox Intelligence anticipates a continued resurgence in threats from IABs given strong demand from buyers and the likelihood that disruption to IAB operations is only temporary.
- Threat actors may be pushed increasingly to more private means to sell illicit access, making the identification of activity more difficult.
Winter 2022 saw consistent IABs, listings, and prices.
Source: ZeroFox Intelligence
In Q3, infostealers deployed botnets to harvest nearly 45 million credentials.
Botnets deploying information stealers continued to pose a significant threat to organizations, rapidly taking advantage of new exploits and upgrading detection evasion capabilities. Expansion of the botnet market continued, with new botnets — including Fodcha, Panchan, and the Mirai-based Enemybot — emerging to target web servers, modems, routers, Internet-of-Things (IoT), and Android devices.
- Botnets leveraged by Russia-aligned entities could exacerbate geopolitical tensions, particularly if more capable threat actors get engaged.
- Emotet is resurging, which poses an urgent, significant threat to organizations of all sizes, sectors, and locations.
Malware & Ransomware
The threats from malware and ransomware remain high and unlikely to reduce given ease-of-acquisition. However, both activities likely remained broadly consistent in Q3 2022, though the nature of the threat changed significantly. Threat actors demonstrated greater capability than in prior attacks in Q2 2022. High-profile attacks targeted the finance, manufacturing, retail, healthcare, and public sectors.
- A high volume of Malware-as-a-Service offerings will very likely sustain low barriers to entry for threat actors and drive down the price of acquiring highly-capable malware.
- If ransomware operators may be struggling to elicit payments from victims, which means they will likely resort to more extreme pressure tactics that threaten to cause greater operational downtime and reputational damage.
Ransomware attacks take place every 11 seconds.
Source: National Law Review
Geopolitics and cybersecurity have become inextricably linked.
As expected, Russia and its war in Ukraine were the primary drivers of geopolitical risk across industries in Winter 2022. Russia demonstrated an eagerness to deliberately worsen existing inflation, energy, and cost-of-living issues by strategically limiting energy supplies and using threat actors to target Western allies of Ukraine. On the other hand, malicious activities from other traditional sources of geopolitical tension, like China and Iran, are minor in comparison.
- In the short term, businesses with physical operations or sales in EU states, particularly those with close geographic or cultural ties with Russia, should be prepared for an increase in low-level cyber threat activity.
- A wave of economic defaults before 2023 – triggered by the war – has the potential for straining business operations. The energy crisis, particularly for natural gas, will worsen.
Manufacturing emerged as the world’s most hacked industry in 2022, driven primarily by quarter over quarter exploits of both known and unknown vulnerabilities.
Threats from Initial Access Brokers and ransomware are on the rise, putting sensitive patient healthcare information and personally identifiable information.
Ransomware remains an urgent concern for government and public sector agencies as criminals seek new ways to steal sensitive information.
The financial sector faced a notable increase in social engineering attacks, including threat actors leveraging techniques to bypass multi-factor authentication (MFA).
The energy sector saw one of the biggest increases in threats of any sector in Q3 2022 due to the ongoing war in Ukraine, as well as expected threat growth from IABs and ransomware.
Vulnerability exploits and ransomware continue to be the most common attack vectors for attacking retail. Winter 2022 also saw growth in social engineering attacks.