Palo Alto Networks, the global cybersecurity leader, today released
the Unit 42 Network Threat Trends Research Report Vol.2. The report highlights the current
trends in malware while providing a detailed analysis of the most common types of malware
and their distribution methods.
This report presents a comprehensive analysis of global telemetry data collected from Palo
Alto Networks Next-Generation Firewall (NGFW), Cortex Data Lake, Advanced URL
Filtering, and Advanced WildFire.
“Threat actors are constantly evolving their techniques, employing evasion tools and
camouflage methods to bypass detection. Organisations must guard against malware
designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new
attacks,” says Anil Valluri, Regional Vice President, India & SAARC at Palo Alto Networks.
Key findings from the report include:
● Exploitation of vulnerabilities has increased by 55%, compared to 2021.
● Linux malware is on the rise, targeting cloud workload devices; an estimated
90% of public cloud instances run on Linux. The most common types of threats
against Linux systems are: botnets (47%), coinminers (21%) and backdoors (11%).
● PDFs are the most popular file type for delivering malware as email attachments
- 66.6% of all attachments.
● ChatGPT scams: Unit 42 saw a 910% increase in monthly registrations for
domains, both benign and malicious, related to ChatGPT.
● Cryptominer traffic doubled in 2022.
● Newly Registered Domains: Threat actors were found more likely to target people
visiting adult websites (20.2%) and financial services (13.9%) sites with newly
registered domains (NRDs).
● Malware aimed at industries using operational technology (OT) is increasing: The average
number of malware attacks experienced per organisation in the manufacturing,
utilities and energy industry increased by 238% (between 2021 and 2022).
“As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams,
which have exploded over the past year, as cybercriminals take advantage of the hype
around AI. But, the trusty email PDF is still the most common way cybercriminals deliver
malware,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks.
“Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious
activities, but for now, simple social engineering will do just fine at tricking potential victims.
Organisations must therefore take a holistic view of their security environment to provide
comprehensive oversight of their network and ensure security best practices are followed at
every level of the organisation.”