Palo Alto Networks’ Unit 42 research team reports on the malware trends it saw in 2022 and early 2023. The rise of ChatGPT has led to an explosion of impersonation attempts and lookalike websites that trade on the AI hype. The report also finds that far more vulnerability exploitation attempts occurred in 2022 than in the previous year.
The new Network Threat Trends report makes a strong case that we should all be more worried about known flaws in software than we are today. Unit 42 counted 55 percent more exploitation attempts against software vulnerabilities in 2022 than in 2021, and the upward trend dates back to 2019. As we reported earlier, Log4Shell continues to haunt us; for that earlier analysis the Palo Alto Networks research team also provided insight into this vulnerability. And it is not only recent flaws that are used to deliver malware: old vulnerabilities, often with a patch available for years, remain a persistent source of infections. Unit 42 points to inadequate patching by organizations, as well as a lack of clear accountability on the part of software vendors.
Attackers who would rather not rely on a software bug can always fall back on persuasion by e-mail. Although it takes a fair amount of social engineering to make a suspicious e-mail look legitimate, Unit 42 says malicious PDFs do the job: 66 percent of e-mail infections use this file type, compared with 9.79 percent for .exe files, 7.85 percent for .xls and 6.47 percent for .xlsx (Excel). The format is attractive to attackers because a PDF is not just a static page: it can carry JavaScript, actions that run when the file is opened, embedded files and external links. In other words, people should be wary when a PDF arrives from a suspicious source.
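As an added example (not code from Unit 42 or from the report), here is a first-pass triage script in Python for PDF attachments. It flags the PDF name objects that malicious documents rely on, undoes the hex-escape trick often used to hide them, and inflates compressed streams so a keyword is not missed just because it sits inside a FlateDecode stream. The sample PDFs, the list of names and their weights are constructed for this illustration and are not a published scoring scheme.

```python
import re
import zlib

# Name objects commonly abused in malicious PDFs -> (weight, why it matters).
# Weights are an illustrative assumption for this example.
RISKY_NAMES = {
    b"/JavaScript": (3, "embedded JavaScript"),
    b"/JS": (3, "JavaScript action"),
    b"/OpenAction": (2, "action that runs automatically when the file opens"),
    b"/AA": (2, "additional actions triggered by page or form events"),
    b"/Launch": (4, "launches an external program or file"),
    b"/EmbeddedFile": (2, "file attachment embedded in the PDF"),
    b"/URI": (1, "external link"),
    b"/AcroForm": (1, "interactive form, often used to submit data"),
}

# Droppers hide keywords with hex escapes in names: /J#61vaScript == /JavaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Raw stream bodies; the lookbehind keeps "endstream" from starting a match.
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes so an obfuscated name matches the plain keyword."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Best effort: inflate every complete zlib (FlateDecode) stream, skip the rest."""
    out = []
    for body in _STREAM.findall(data):
        d = zlib.decompressobj()
        try:
            plain = d.decompress(body)
        except zlib.error:
            continue  # not zlib data (image, font, another filter): skip it
        if d.eof:     # only trust streams that decompressed completely
            out.append(plain)
    return out


def count_names(data: bytes) -> dict[str, int]:
    """Count each risky name; a delimiter must follow so /JS does not match /JSx."""
    counts = {}
    for name in RISKY_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", data))
        if n:
            counts[name.decode()] = n
    return counts


def triage_pdf(data: bytes) -> dict:
    """Summarize one attachment: is it a PDF, which risky names occur, rough score."""
    if not data.startswith(b"%PDF-"):
        return {"is_pdf": False, "findings": {}, "streams_inflated": 0, "score": 0}
    inflated = inflate_streams(data)
    counts: dict[str, int] = {}
    for chunk in [data] + inflated:  # raw file plus each decompressed stream
        for name, n in count_names(normalize_names(chunk)).items():
            counts[name] = counts.get(name, 0) + n
    findings = {k: (n, RISKY_NAMES[k.encode()][1]) for k, n in counts.items()}
    score = sum(RISKY_NAMES[k.encode()][0] for k in counts)
    return {"is_pdf": True, "findings": findings,
            "streams_inflated": len(inflated), "score": score}


# Constructed sample: a minimal PDF whose /OpenAction runs JavaScript, with the
# /JavaScript name hex-escaped the way real droppers often do.
SAMPLE_MALICIOUS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: a plain one-page document with nothing of interest.
SAMPLE_BENIGN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def make_compressed_sample() -> bytes:
    """Constructed sample: a /Launch action inside a FlateDecode stream, which a
    naive grep over the raw file misses."""
    body = zlib.compress(b"<< /S /Launch /F (cmd.exe) >>")
    return (b"%PDF-1.4\n1 0 obj << /Length " + str(len(body)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + body
            + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for label, blob in [("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN),
                        ("compressed", make_compressed_sample())]:
        print(label, triage_pdf(blob))
```

A hit is a reason to detonate the file in a sandbox or open it with JavaScript disabled, not proof of malice; plenty of legitimate forms use /AcroForm and /URI. A clean result is not proof of safety either: object streams, encrypted documents and non-zlib filters keep names out of reach of this scan, so a production pipeline should use a full PDF parser rather than regular expressions.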
Other continuations of existing trends include the enduring popularity of remote code execution, where a single exploit gives the attacker a foothold from which to infiltrate the network in several steps and make far-reaching changes to internal infrastructure. Attacks on cloud workloads and IoT devices also stand out: 47.3 percent of these attacks aim to enroll the device in a botnet, 21.6 percent to run a coinminer for cryptomining, and 11.1 percent to install a backdoor.
A notable increase is found in attacks on operational technology (OT), that is, on critical infrastructure such as manufacturing, water supply and power companies. These attacks grew by a staggering 238 percent compared to 2021.
A genuinely new trend comes from the AI hype around ChatGPT. We have previously seen ChatGPT used as an accomplice in cybercrime, for example to generate credible e-mail texts. Since the hype around AI did not really take off until late 2022, Unit 42 looked at malware developments in this area from November 2022 to April 2023. Domain registrations that mimic AI services such as ChatGPT exploded by 910 percent during that period. Not all of this serves outright malicious purposes, however: the figure also includes so-called grayware, such as adware, spyware and programs the user never wanted to install. Still unwelcome, but the severity varies enormously. So while the sky-high percentage is cause for concern, the impact of AI on malware has not yet fully crystallized.
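One way to act on the domain-registration finding is to watch a newly-registered-domains feed for lookalikes of the brands you care about. The following Python is an added example, not Unit 42's tooling: it normalizes each registrable label (hyphens removed, common digit-for-letter swaps undone) and flags labels that contain a brand name or sit within a small edit distance of one. The brand list, allowlist, homoglyph table, threshold and sample domains are assumptions constructed for the illustration.

```python
from typing import Optional

# Assumptions for this example: brands to protect, an allowlist of domains the
# organization has verified as genuine, and a small homoglyph table.
BRANDS = ("chatgpt", "openai")
ALLOWLIST = {"openai.com", "chatgpt.com"}
# Common character swaps used in lookalike names, mapped back to the letter.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
              "rn": "m", "vv": "w"}
MAX_EDITS = 2  # edit-distance threshold; tune to the length of the brands watched


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'chatgpt-login' from 'www.chatgpt-login.example'.
    Simplification: no public-suffix list, so 'x.co.uk' would yield 'co'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def canonical(label: str) -> str:
    """Strip hyphens and undo homoglyph swaps so 'chat-gpt' and '0penai' compare as words."""
    out = label.replace("-", "")
    for glyph, letter in HOMOGLYPHS.items():
        out = out.replace(glyph, letter)
    return out


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> Optional[dict]:
    """Return a finding for a lookalike domain, or None if it looks unrelated."""
    domain = domain.lower()
    if domain in ALLOWLIST:
        return None
    canon = canonical(registrable_label(domain))
    for brand in BRANDS:
        if brand in canon:  # brand embedded in a longer bait name
            return {"domain": domain, "brand": brand,
                    "reason": "contains brand", "distance": 0}
        dist = levenshtein(canon, brand)
        if dist <= MAX_EDITS:  # typo-squat: a few edits away from the brand
            return {"domain": domain, "brand": brand,
                    "reason": "edit distance", "distance": dist}
    return None


def scan(domains) -> list:
    """Run classify over a feed and keep only the findings."""
    return [f for f in map(classify, domains) if f is not None]


# Constructed sample feed (reserved .example TLD; these are not real registrations).
SAMPLE_DOMAINS = [
    "openai.com",              # allowlisted genuine domain: ignored
    "chatgpt-login.example",   # brand plus bait word
    "chat-gpt-free.example",   # hyphenated brand
    "0penai-support.example",  # digit zero standing in for the letter o
    "cahtgpt.example",         # transposed letters
    "weather.example",         # unrelated
]

if __name__ == "__main__":
    for f in scan(SAMPLE_DOMAINS):
        print(f"{f['domain']:26} -> {f['brand']} ({f['reason']}, distance {f['distance']})")
```

A flagged registration is a lead, not a verdict: as the report itself notes, much of what appears around a hype topic is grayware or plain opportunism rather than malware, so the next step is to check what the domain actually serves and whether it impersonates the brand before blocking it.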