Deep Instinct releases its 2022 Interim Cyber Threat Study.

Deep Instinct has published its 2022 Interim Cyber Threat Report, outlining some of the top malware strains and exploited vulnerabilities between January and December of 2022. The majority (44%) of ransomware campaigns were launched by affiliates of the Lockbit ransomware-as-a-service offering, while 23% were carried out by the now-defunct Conti gang.

Emotet is still by far the dominant banking Trojan in the threat landscape (67%), followed by NJRat at a distant second (14%).

The researchers also note that data theft extortion attacks are growing more efficient:

“Ransomware attacks remain a serious threat to organizations causing business disruption (denial-of-service) and reputational damage. While it is not a new threat, ransomware has become easier to detect in the encryption phase. Threat groups are moving towards exfiltrating data earlier in their attack flows to demand a ransom for the leaked data instead of a key to decrypt. In the case of sensitive data exfiltration there are far fewer remediation options. Several threat actors went even further, demanding a ransom from third-party companies if the leaked data has their sensitive information as well. 

“Threat groups operating ransomware campaigns are financially motivated and have begun to develop their own markets with easy-to-use query engines to find relevant data from the leaks and purchase it. We saw this play out in July 2022, by a rising star in ransom operators, ALPHV (BlackCat) who introduced their new leak database.”