For the past year, attackers have been shadowing businesses and families alike, waiting for the right moment to strike. In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage.
The 6 Nastiest Malware of 2022
Since the mainstreaming of ransomware payloads and the adoption of cryptocurrencies that facilitate untraceable payments, malicious actors have been innovating new methods and tactics to evade the latest defenses. 2022 was no different.
The ransomware double extortion tactic continues to wreak havoc: attackers encrypt your data and also steal a copy, threatening to leak it if you don’t pay up. This year also saw the onset of the triple extortion method, in which attackers encrypt your data, threaten to leak it, and then also launch a DDoS attack against your services if you don’t pay up. As a result, many organizations are shifting away from relying on cyber insurance alone and adopting layered defenses in an effort to achieve cyber resilience.
Ransom payments continued to balloon: last year at this time the average was just below $150,000, and it now stands close to $225,000 (increasing faster than the rate of inflation, for those counting at home!).
In bad news (as if we needed more), malicious actors seem to have settled on a favorite target: small and medium-sized businesses. Large-scale attacks make headlines, but attackers have found that smaller environments make for easier targets.
But it’s not all bad news… after all, the first step in defeating your enemy is to learn their tactics. Our researchers have been hard at work uncovering the worst offenders to better build defenses against them. With that, here are the 6 Nastiest Malware of 2022.
Here are this year’s wicked winners
Emotet
Persistent botnet with a cryptomining payload and more
Infects via email, brute force, exploits and more
Removes competing malware, ensuring it is the only infection on the host
Lockbit
The year’s most successful ransomware group
Introduced the triple extortion method: encryption + data leak + DDoS attack
Accepts payment in Bitcoin as well as Monero and Zcash, two privacy-focused cryptocurrencies that are far harder to trace
Conti
Longstanding ransomware group, the successor to Ryuk and a favorite payload of TrickBot
Shutdown attempts by the US government have pushed its members to rebrand into other operations such as Hive, BlackCat, BlackByte and AvosLocker
Will leak or auction off your data if you don’t pay the ransom
Qbot
The oldest info-stealing trojan still in operation
Works to infect an entire environment, ‘casing the joint’ before delivering its final stage
Creates ransomware Voltrons through partnerships with Conti, ProLock and Egregor
Valyria
Malspam botnet whose infections start with email attachments containing malicious scripts
Known for complex payloads that overwhelm defenses and evade detection
Partners with Emotet to create a two-headed monster
Cobalt Strike / Brute Ratel
Legitimate red-team and penetration-testing tools, cracked and repurposed by criminals
Very powerful features such as process injection, privilege escalation, and credential harvesting
The customizability and scalability are just too GOOD not to be abused by BAD actors
Protect yourself and your business
The key to staying safe is a layered approach to cybersecurity backed up by a cyber resilience strategy. Here are tips from our experts.
Strategies for business continuity
Lock down Remote Desktop Protocol (RDP)
Educate end users
Install reputable cybersecurity software
Set up a strong backup and disaster recovery plan
Strategies for individuals
Develop a healthy dose of suspicion toward messages
Protect devices with antivirus and data with a VPN
Keep your antivirus software and other apps up to date
Use a secure cloud backup with immutable copies
Create strong, unique passwords (and don’t reuse them across accounts)
If a download asks to enable macros, DON’T DO IT
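The macro warning above is the one tip a mail gateway can enforce on users’ behalf, and it is the entry point behind the email-attachment infections listed for Emotet and Valyria. Below is an added example, not Webroot’s code, in Python that inspects Office attachments for an embedded VBA project instead of trusting the file extension (a .docm renamed to .doc or .rtf still opens as a macro document in Word). The `classify_attachment` helper, the verdict names and the sample attachments are constructed here for illustration; the only facts it relies on are that modern Office files are ZIP containers and that a VBA project is stored as a `vbaProject.bin` part declared with the content type `application/vnd.ms-office.vbaProject`.

```python
"""Flag macro-carrying Office attachments at a mail gateway.

Added example, not Webroot's or any vendor's code. Modern Office files
(.docx/.docm/.xlsx/.xlsm/...) are ZIP containers; a VBA macro project is
stored as a part named vbaProject.bin and declared in [Content_Types].xml
with the content type application/vnd.ms-office.vbaProject. Both checks are
made here because the attacker controls the file extension, not the container.
"""
import io
import os
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions Office itself uses for macro-enabled documents.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
# Legacy binary Office (.doc/.xls/.ppt) is an OLE compound file, not a ZIP;
# its macros live in OLE streams that this example does not parse.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_project(data: bytes) -> bool:
    """True if the OOXML ZIP container carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The part lives under word/, xl/ or ppt/ depending on the app,
            # so match on the base name anywhere in the archive.
            if any(n.rsplit("/", 1)[-1].lower() == "vbaproject.bin" for n in names):
                return True
            # A renamed part still has to be declared by content type for
            # Office to load it, so check the manifest as well.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return VBA_CONTENT_TYPE in manifest
    except zipfile.BadZipFile:
        pass  # not a ZIP at all: no OOXML macro project to find
    return False


def classify_attachment(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason) where verdict is 'block', 'review' or 'allow'."""
    ext = os.path.splitext(filename)[1].lower()
    if data.startswith(OLE_MAGIC):
        return "review", "legacy OLE document; macros cannot be ruled out without an OLE parser"
    if has_vba_project(data):
        if ext in MACRO_EXTENSIONS:
            return "block", "macro-enabled document carrying a VBA project"
        # A .docm renamed to .doc or .rtf still opens as a macro document in Word.
        return "block", f"VBA project hidden behind a {ext or 'missing'} extension"
    if ext in MACRO_EXTENSIONS:
        return "review", "macro-enabled extension but no VBA project found"
    return "allow", "no VBA project present"


# --- constructed sample attachments (hypothetical, not real malware) --------
def build_ooxml(parts: dict[str, bytes]) -> bytes:
    """Assemble a minimal OOXML-style ZIP from {part_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


_TYPES_XML = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>%s'
    b"</Types>"
)
CLEAN_DOC = build_ooxml({
    "[Content_Types].xml": _TYPES_XML % b"",
    "word/document.xml": b"<w:document/>",
})
MACRO_DOC = build_ooxml({
    "[Content_Types].xml": _TYPES_XML % b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\xcc" * 64,  # placeholder bytes, not a real VBA project
})
SAMPLES = {
    "quarterly.docx": CLEAN_DOC,
    "invoice.docm": MACRO_DOC,
    "invoice.doc": MACRO_DOC,  # same macro container, extension changed to dodge filters
    "archive.doc": OLE_MAGIC + b"\x00" * 504,
}


def scan(samples: dict[str, bytes]) -> dict[str, str]:
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(name, data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, reason = classify_attachment(name, data)
        print(f"{name:16} {verdict:6} {reason}")
```

The point of the `invoice.doc` sample is that an extension allow-list alone does nothing against a renamed macro document; the container has to be opened. Legacy OLE files are only routed to review here because inspecting their macro streams needs an OLE parser such as the open-source oletools project rather than the standard library.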
Author: Tyler Moffitt, Sr. Security Analyst