KUALA LUMPUR (June 21): Palo Alto Networks, a global cybersecurity leader, has found a 55% increase in exploit attempts of vulnerabilities in the past year. Vulnerabilities continue to be a popular method for threat actors to infect victims, it said in Volume 2 of its Unit 42 Network Threat Trends Research Report.
With the rate of vulnerability exploitation showing no sign of slowing down (up from 147,000 attempts in 2021 to 228,000 in 2022), threat actors are exploiting both vulnerabilities that have already been disclosed and ones that have not yet been disclosed, alongside the other vectors the report covers: remote code execution (RCE), email, compromised websites, newly registered domains (NRDs), ChatGPT/AI scams and cryptominer traffic.
The report stated that PDFs are the most popular file type for delivering malware; 66% of the time, PDFs were used to deliver malware via email.
It also found that malware aimed at industries using operational technology was increasing: the average number of malware attacks experienced per organisation in the manufacturing, utilities and energy industries rose by 238% between 2021 and 2022.
Linux malware targeting cloud workload devices is also on the rise. An estimated 90% of public cloud instances run on Linux.
Attackers seek new opportunities in cloud workloads and IoT devices running on Unix-like operating systems. The most common types of threats against Linux systems are botnets (47%), coinminers (21%) and backdoors (11%).
Cryptominer traffic also doubled in 2022. Cryptomining continues to be an area of interest to threat actors, with 45% of sampled organisations having a signature trigger history that contains cryptominer-related traffic.
To avoid detection, threat actors use newly registered domains (NRDs) for phishing, social engineering and spreading malware. Threat actors are more likely to target people visiting adult websites (20.2%) and financial services (13.9%) sites with NRDs.
Palo Alto forecasts that encrypted malware traffic will keep increasing; 12.91% of malware traffic is already SSL encrypted. As threat actors adopt more tactics that mimic those of legitimate businesses, it is expected that malware families using SSL-encrypted traffic to blend in with benign network traffic will continue to grow.
Moreover, between November 2022 and April 2023, Palo Alto saw a 910% increase in monthly registrations of ChatGPT-related domains, both benign and malicious, that attempt to mimic ChatGPT.
Palo Alto Networks vice president and regional chief security officer Sean Duca said: "As millions of people use ChatGPT, it is unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware."
"Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims.
"Organisations must therefore take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organisation."
The popularity of ChatGPT has also led to the appearance of related grayware, which is software that falls somewhere between malicious and benign, states the report. This category includes adware, spyware and potentially unwanted programmes.
Grayware might not be explicitly harmful, but it can still cause issues or invade people's privacy.
The growing use of ChatGPT suggests that cybercriminals are looking to exploit its popularity to spread potentially unwanted or harmful software. It is therefore important for users to remain vigilant and take steps to protect their systems and data.
The speed with which scammers used traditional techniques to profit from the AI trend underscores the need for organisations to exercise caution around internet activity and software that are getting attention in popular culture. At the same time, it remains possible that threat actors could find ways to take advantage of the unique technological capabilities of AI, Palo Alto adds.