According to the 2022 edition of the Yoroi Report, attackers are perfecting solutions and tools to exploit the weakness of the human factor with social engineering techniques. Phishing enemy number one 10 Mar 2022 Domenico Aliperto
Also in 2021 the two major phenomena observed in terms of IT security were that of double Extortion and that of attacks on the supply chain. To say this is the 2022 edition of the 2022 Report by Yoroi (Tinexta Group), which photographs the state of cyber threats faced by our country in the previous year and identifies the trends that are reflected in Italy on a global level.
The report highlights how the techniques and procedures used by cybercriminals are similar to those observed in previous years: phishing, zero day malware, supply chain attacks. Solutions and tools perfected by attackers to better exploit the weakness of the human factor with social engineering techniques and induce victims to make mistakes based on haste, urgency, and distraction. One of the distinctive features of Yoroi's Cyber Security Annual Report concerns data. The raw data used does not belong to open source intelligence (Osint) or to the detections of external networks, but rather to real incidents that have been handled by human analysts. The data used in this report therefore concern real accidents. Index of topics • Malicious code is constantly growing • Cyber-attacks exploit Microsoft Office flaws • Focus on the supply chain Malicious code is constantly growing The volume of malicious code intercepted by Yoroi-Tinexta technology according to the report is steadily growing compared to previous years and the attackers' operating modes suggest a clear division between opportunistic attacks and targeted attacks. WEBINAR March 29, 2022 - 3:00 pm Gabriele Faggioli live to deepen the issues of Compliance and Privacy Legal Data security Read the privacy policy Fill out the form to register for the webinar E-mail • Allows the sending of promotional communications relating to the products and services of third parties with respect to the Joint Controllers who belong to the manufacturing, services (in particular ICT) and trade branch, with automated and traditional methods of contact by the third parties themselves, to which the data is disclosed. The telemetry offered by the Yoroi platform made it possible to extract a series of statistics regarding “zero-day Malware” attacks, i.e. Malware not known to the signatures of antivirus systems, being 76% of 0-day Malware threats. In this context, phishing and spear phishing are the most adopted vectors in 2021 to start the attack chain. As highlighted in 2020, the majority of Malware detected in Italy belong to the type of Banking Trojans. The main input vector is represented by Ursnif with a presence of 33.5% of the total and the presence of Emotet for 18.9% of the samples. However, during 2021, phishing, with 41.88% of attacks blocked, was the number one threat to address. The second group for blocked request volumes are malware with a prevalence of 38.08%. The third macro-family of threats blocked are malicious websites with 19.95%. With regard to Botnets and Opportunistic Attacks, based on the observations there is a typical distribution of the origin of the incursions in which the United States as territories of origin once again occupy the first place this year with 38% of the share, increasing compared to the year 2020 (34%). Furthermore, attempts from China have remained constant compared to last year at 24%. The third place is kept by the Russian infrastructures, which from our telemetry contain 8% of malicious communications. Even in 2021, malicious actors continue to prefer email and messaging as a vector for spreading malware: for the fifth year in a row, malicious emails represent a significant part of cyber-attacks. Cyber-attacks exploit Microsoft Office flaws "By examining the telemetry collected by the monitoring infrastructure of our Cyber Security Defense Center," comments Yoroi, "we can confirm that Microsoft Office documents are the most relevant delivery vector for malware. During 2021, a significant trend was identified by criminal actors to experiment with new techniques for exploiting the world's most used electronic document production tool to spread malicious code. Although not one of the most used vectors, the exploitation of technological flaws by malicious actors - especially on the external perimeter - has gradually increased in popularity in 2021 ". During 2021, numerous vendors were victims of attacks through their products, both directly as in the striking case of Kaseya, and indirectly, with the exploitation of serious flaws found within their hardware and software systems. . Towards the end of 2021, what appeared to be, for insiders, a serious catastrophe in the environment of cybersecurity, an open source software used in practically all projects written in Java language, both in the open source field, emerged. and in the Enterprise environment: Log4j. Throughout December 2021, where the attacks were en masse, the Yoroi Csdc team was active 24 hours a day to monitor attack attempts for this vulnerability. Focus on the supply chain The attacks on the supply chain were, as mentioned, of particular relevance. Every business is based on value chains that often transcend the same company boundaries. Production chains are increasingly complex, intricate and extensive: at the base of any product or service there can be dozens or hundreds of completely heterogeneous organizations, from micro-enterprises to large, interconnected groups. Each of these entities, these small knots in the intricate graph of commercial relations that form the corporate supply chain, have a role and with it the associated risks. “To face these risks in the near future”, concludes Yoroi, “it is necessary to make significant improvement efforts in the management of Cyber-Crisis, becoming capable of developing corporate and technological protection policies to prevent and contain them”.
target