Cyber Threat Landscape Report 2022: Summary & Predictions

February 28, 2022 | Shimon Noam Oren

Deep Instinct’s Threat Research team has published its review of the most significant cyber threats and trends from 2021 along with predictions for 2022. The report is an annual review of the top malware and ransomware families, leading malware trends, and a look into new cyber threats like IcedID, Qakbot, Dridex, and Trickbot aimed at the financial services sector. 

2021: 125% Increase in Cyber Threats 

While ransomware attacks increased less rapidly in 2021 than in the previous two years (15.8%), the overall complexity of attacks increased significantly. Our research team found more attacks that were able to evade many established endpoint protection tools. We observed a 125% increase in all threat types combined. This diverse range of threats requires organizations to remain hypervigilant to the ever-evolving nature of attacks.

Expanded Threat Landscape Report: New Techniques and Vulnerabilities 

We are committed to continuous report enhancements and have introduced several new sections in the 2022 edition.  

Top 10 MITRE Techniques. Our scope has expanded to include Linux malware families, such as XorDDoS, Gafgyt, and Mirai. MITRE ATT&CK® is an important industry-standard framework, and the new report explores the top 10 MITRE techniques and capabilities based on our D-Cloud event analysis.

Emerging Vulnerabilities. Probably the most important addition and a topic that has made continued headlines is the range of vulnerabilities that emerged during 2021. Log4Shell, ProxyShell (a combination of three Microsoft Exchange vulnerabilities), and PrintNightmare all had a significant impact. We have witnessed the incredible speed with which bad actors have taken advantage of vulnerabilities.  

Malware Trends. The report also dives into specific malware trends by campaign, with an assessment of Excel 4.0 macros, JavaScript, and most importantly, the various Microsoft Exchange Server vulnerabilities, all of which were globally pervasive.

New Discoveries. We are pleased to share details of several discoveries that the Threat Research team has made over the last 12 months, including Asaf Gilboa’s publication on credential dumps, focused on LSASS memory dumps. At DEF CON, researcher Elad Ciuraru and Tal Leibovich, Head of Threat Research, explained how to identify Excel 4.0 macros using anomaly detection.

New Tools. Security Researcher Ron Ben Yizhak developed and published a novel tool called “DeMotet” that automates the analysis of Emotet samples on a large scale. The tool includes an unpacker for the loader and decryption scripts for the payload itself.  

2022 Predictions: Cyber Threat Landscape 

Each of our threat reports includes predictions for the year and, in parallel, a review of how accurate our previous predictions were. Unsurprisingly, the impact of COVID-19 has remained an evergreen topic, with the pandemic still acting as a catalyst for the spread of malware. Despite the slow return to the office within a hybrid work model, we expect attackers to capitalize on VPNs as a breach vector and to exploit organizations that are in the early stages of cloud security maturity.

Fast-impact and high-reward campaigns targeted at mission-critical infrastructure have also been prominent, with shorter dwell times and maximum damage inflicted as soon as possible in order to obtain a ransomware payment — and we expect these attacks to continue throughout 2022.  

Want to know more about our Threat Research team’s findings? Download the 2022 Cyber Threat Landscape Report to read our full analysis.