Cybersecurity Awareness Month 2022 Series
Defending the growing attack surface
Digital transformation has rapidly accelerated connectivity—more devices, apps, and users are connecting to enterprise networks than ever before—resulting in an ever-expanding attack surface. This had led to new security challenges and concerns; in fact, 73% of respondents in a joint survey with Sapio Research indicated they were concerned about the size of their digital attack surface.
As technology evolves, so must an enterprise’s cyber defense strategy. The sheer number of connected devices, users, and apps has created visibility issues for security teams relying on disparate point products. 62% of respondents admitted to having blind spots that weaken their security posture—particularly when it comes to cloud assets, networks, and end-user assets.
To modernize your cybersecurity strategy, you must understand the imminent risks. Our Midyear Roundup Report helps CISOs and security leads anticipate what’s next, enabling a stronger cyber defense strategy to recognize, assess, and mitigate cyber threats.
Trend Micro Midyear 2022 Cybersecurity Roundup Report
Each summer, Trend Micro analyzes and correlates attack surface intelligence from approximately 400,000 commercial customers and 20 million consumer customers, alongside data lakes and partnering with third-party research firms. We also review our 2022 security predictions to see which ones aligned with the trends in the first six months of the year.
Our most recent report is especially beneficial to those with a hybrid staff—as this widened digital attack surface has led to new ransomware models alongside the resurgence of some familiar attack methods. Data compiled from Trend Micro™ Research, Trend Micro™ Smart Protection Network (SPN), and our Trend Micro™ Zero Day Initiative (ZDI) has painted a picture of a labor force once again in flux and an alliance of cybercriminals ready to use this insecurity to its advantage.
Notable Midyear Trends
Unsurprisingly, threat actors are becoming more prolific—we blocked almost 64 billion threats in 2021, a 56% increase from 2020. We’re also seeing new developments making noise in the field.
The ransomware as a service (RaaS) model, which allows cybercriminals to buy or rent ransomware tools and infrastructures, has consolidated attack methods and turned it into a turnkey enterprise. Over the first six months of 2022, based on data gathered by Trend Micro Research, there were 67 active RaaS and extortion groups and over 1,200 victim organizations.
Although newer threats like RaaS and cryptocurrency mining (which has witnessed a decrease due to the amount of compute power needed) remain top of mind, cybersecurity teams shouldn’t take their focus away from traditional attack methods. Misconfigurations are still a major concern, which is unsurprising given that in 2021, Trend Micro found that 60-70% of all security challenges in the cloud arise from misconfigurations.
The proliferation of “big game hunting” is one of the most telling signs of what’s to come. While multiple extortion will continue to be a popular ransomware method, threat actors have been executing a more targeted approach. Malware may live inside your environment for months before ransomware is dropped in, as cybercriminals for key victims inside your environment most likely to pay.
While service brokers will continue selling access to “big game” accounts, the likelihood that your organization could have multiple groups inside your network is increasing. This makes cyber defense and risk mitigation more difficult, as threat actors are accustomed to using multiple TTPs (tactics, techniques, and procedures) in the different areas or different components of the attack.
Some of the top threats stem from attack credential theft, defined as the exploitation of public-facing devices and systems. Threat actors are gaining initial access into environments by exploiting open IPs, mapping the network, and moving laterally.
With the proliferation of supply chain attacks and island attacks (where threat actors enter an environment through a more vulnerable third-party partner), security teams will need to employ better visibility across the entire stack as well as mitigate vulnerabilities and misconfigurations. With this level of information regarding an organization’s level of cyber hygiene, as well as the availability of RaaS tools freely available, technical deficiencies will be targeted at a higher rate, especially within cloud infrastructures.
Cyber Defense Best Practices
To stay resilient in the face of targeted attacks, security leaders need to better understand, communicate, and mitigate cyber risk across their digital attack surface, including the organization’s external-facing surface.
Effective attack surface risk management combines attack surface discovery, risk assessment and prioritization, (inclusive of vulnerabilities, security misconfiguration, XDR threat detection, and more), and mitigation options to streamline all solutions, products, and capabilities.
A unified cybersecurity platform supports attack surface management with broad third-party integration can provide complete visibility across your entire ecosystem to discover your attack surface, saving valuable time and allowing IT teams to better assess cyber risk.
XDR capabilities correlate activity across multiple security layers to provide greater and more relevant context. This integrated approach to cyber defense and risk management provides a single pane of glass for security teams to continuously assess cyber risk across their organization—and detect and automatically respond to threats faster.
Check out the following resources for more insights into cyber risk and attack surface management: