Threat actors attempted to exploit vulnerabilities at a greater clip in 2022, according to new research from Unit 42.
Unit 42, the threat intelligence team for Palo Alto Networks, reported a 55% increase in attempts to take advantage of vulnerabilities between 2021 and 2022, rising from 147,342 attempts to 228,345.
Most of the increase came from two supply chain vulnerabilities, Log4j and Realtek, while the top malware sample for Linux platforms was a Mirai variant within firewalls, switches, wireless routers and IoT devices.
Attackers are seemingly not picky about which vulnerabilities they exploit: the authors of the Network Threat Trends Research Report said they continue to find that “vulnerabilities using remote code execution (RCE) techniques are being widely exploited, even ones that are several years old.”
Threat actors are “counting on organizations to fail at some point in the process of applying patches,” the report’s authors conclude.
Attackers continue to use email to penetrate systems, and PDFs were their preferred type of malicious attachment, used 66% of the time.
As artificial intelligence, especially ChatGPT, has captured the public’s attention, it’s not surprising to see bad actors taking advantage of the trend. Unit 42 said it saw a 910% increase in monthly registrations for benign and malicious domains related to ChatGPT between November and April, while squatting domains related to ChatGPT grew a whopping 17,818%.
While it’s been demonstrated that AI could be used to create malicious activity, Unit 42 researchers said they have not seen a noticeable increase in real-world attacks, especially when compared with the number of related scams.
“The speed with which scammers used traditional techniques to profit off the AI trend underscores that organizations need to exercise caution around internet activity and software that are getting attention in popular culture,” they wrote.