Deep Instinct report finds 125% increase in threat types and novel evasion techniques

Deep Instinct report finds 125% increase in threat types and novel evasion techniques

Deep Instinct, the first company to apply end-to-end Deep Learning to cybersecurity, has unveiled findings from its bi-annual Threat Landscape Report.

The Deep Instinct Threat Research team extensively monitored attack volumes and types and then extrapolated its findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and most importantly, lays out the steps organizations can take now in order to protect themselves in the future.

One of the most pronounced takeaways from this research on 2021 threat trends is that bad actors are becoming more successful at evading AI/Machine Learning technologies, prompting organizations to redouble efforts in the innovation race.  

Specific attack vectors have grown substantially, including a 170% rise in the use of Office droppers along with a 125% uptick in all threat types combined. The volume of all malware types is substantially higher versus pre-pandemic. 

In addition, threat actors have made a discernable shift away from older programming languages, such as C and C++, in favor of newer languages, such as Python and Go. Not only are these newer languages easier to learn and to program versus their predecessors, but they also have been less commonly used and are therefore less likely to be detected by cybersecurity tools or analyzed by security researchers.

“Recent major events, such as Log4j and Microsoft Exchange server attacks, have placed a heightened priority on security, but these threats have long deserved the attention they’re just now getting on a global level,” said Guy Caspi, CEO of Deep Instinct.

“The results of this research shed light on the wide-ranging security challenges that organizations face on a daily basis. Deep Instinct was founded to bring a new approach based on Deep Learning to cybersecurity. We’re on a mission to provide relief to cyber defenders facing advanced threats that continue to spike in volume and sophistication.”

Additional report findings include the following key takeaways: 

  • Supply chain attacks: Large service offering companies became targets of significant supply chain attacks this past year with threat actors looking to not only gain access to their environments, but also target the environments of their customers by proxy. The most notable supply chain attack, Kaseya, compromised more than 1,500 companies through one unpatched zero-day vulnerability. 
  • The shift to high-impact and high-profile attacks verses stealth and long dwell-time attacks: In 2021, Deep Instinct saw a transition to high-profile attacks with a massive impact. The most significant incident in 2021 was the Colonial Pipeline breach, which halted operations for six days, causing major disruptions across the US and demonstrated the significant and cascading impact of a well-executed malware attack.
  • Public and private sector collaborations become more common: As Deep Instinct had predicted, there was greater partnership among international task forces this past year to identify and bring to justice key threat actors around the world. In early 2021, an international taskforce co-ordinated by Europol and Eurojust seized Emotet infrastructure and arrested some of its operators. Other high-profile threat actors such as Glupteba became the target of private companies that joined forces to interrupt their activity as much as possible. 
  • The immediate impact of zero-day: In 2021, there were major vulnerabilities being exploited and used within a single day of disclosing the vulnerability. One of the examples was the HAFNIUM Group. 
  • Cloud as a gateway for attackers: The transition to remote work has prompted many organizations to enable most of their services in the cloud rather than on premises. For those that are not experienced working with cloud services, there is the risk that misconfigurations or vulnerable, out-of-date components with external API access could be exploited. 

Browse our latest issue

Intelligent CISO

View Magazine Archive