It’s tradition now to review the year and share the cybersecurity trends and ANY.RUN’s updates of the past twelve months. Our team has prepared 2022’s threat stats and hopes they help you make your best decisions.
For a moment, it looked like we were headed for a great year.
January began with a huge win against REvil, whose activity got squashed by an unprecedented international law enforcement operation. Was the world about to crack down on ransomware and finally deal the lethal blow?
Unfortunately — no. One way or another, ransomware was in the spotlight this year. Only, not in the way we would have liked.
A new player called Conti quickly filled the void left by REvil. The audacious gang almost caused a nationwide economic collapse in Costa Rica by temporarily bringing the country’s international trade to a standstill. It looks like this battle will continue in 2023.
This year was, once again, a record-breaker. And not in a good way. It’s not all doom and gloom, though. New cybersecurity tools are coming in the clutch to assist security professionals, and ANY.RUN is continuing to make threat analysis simpler and easier than ever before.
Let’s dive straight into the malware trends of the outgoing year and recount how far we’ve come in our annual report.
Cybersecurity 2022 review
- Ransomware is still a huge threat. An unprecedented attack against the government of Costa Rica halted the country’s exports and imports early in the year. The economy was paralyzed and a state of emergency was declared. Ransomware can cripple countries, then. This malware type has also undergone a Cambrian explosion, with over 21 000 variants appearing in the wild. Keep your eyes on LockBit, Play, HIVE, Royal and Donut.
- Data breaches were on the rise, too. A hacking group called Lapsus$ entered the stage in December 2021 and immediately began wreaking havoc. One after another, they breached Nvidia, Samsung, Ubisoft, and then Bing. In an unrelated incident, Twitter got hacked thanks to a zero-day vulnerability. The security oversight caused a leak that revealed the confidential data of 5.4 million users.
- DDoS attacks are at an all-time high. This year’s unstable geopolitical landscape nourished state-sponsored hacktivists, who, having decided that the existing tools are not enough, began working on new botnets. As a result, attacks over 1 Tbps are now common, and their duration is increasing alarmingly fast. Of course, hackers were quick to jump on the bandwagon. They began incorporating DDoS into multi-vector attacks as a smokescreen to throw off security teams.
- Digital supply chains are growing in scale and complexity. Enterprises rely increasingly on third-party solutions whose cybersecurity they can’t control. Open-source libraries, reliance on trusted software, and a post-pandemic easing of security practices are all factors that expose enterprises to supply chain attacks.
- Cyber attacks are getting more press coverage, and many companies are finally getting serious about security. But lack of funding and understaffing remain acute issues, with many teams complaining that there are simply not enough hands on deck to respond to incidents effectively.
- To counterbalance the shortage of trained personnel, companies are beginning to adopt managed services. And thanks to online sandboxes, identification and analysis are now faster than ever.
Malware 2022 review
There were 2.8 billion malware attacks in the first half of 2022. While the data that covers the whole year is not available yet, this is in line with what we saw in 2021.
ANY.RUN can also share some numbers of its own. RedLine dominated ANY.RUN’s upload chart, and Emotet was not far behind, helping to spread other families.
This year our users uploaded and analyzed 2.7 million samples on the service, an increase of almost 500k tasks over 2021. A huge thank you for the continued support!
As the infographic below shows, 60% of them were, in fact, trojans:
ANY.RUN in 2022
The big picture: this year, we automated malware configuration extraction (yeah), made the startup time nearly imperceptible, and released a new view that shows every detail of a process under a magnifying glass.
We’ve also released an improved team management feature for big enterprises and made countless user-experience improvements.
Here are the major things:
ANY.RUN is now 10 times as fast
It’s a given that startup speed is crucial for a sandbox. After all, in incident response every second matters. Our service has always performed exceptionally well in this regard, with the delay between uploading a sample and launching the analysis only around 18 seconds, a result that was already ahead of most interactive sandboxes and left automated ones firmly in the dust.
But that wasn’t enough.
So this year, we improved it by another 10 times with our Instant access technology, which means that a sample runs immediately and is ready for analysis. You get both: the first results in a flash and stable operation for your research.
Improved analysis: more details and higher accuracy
- With malware configuration extraction, ANY.RUN can get inside a sample’s memory dump and pull information from it automatically, digging out a trove of valuable data.
- A new extended process view helps to gain a deeper look at the registry, file system, network, and process activity.
- We’ve added over 100 new signatures and corrected more than 300, improving detection and decreasing false positives.
- New JA3, JA3S, and JARM fingerprinting methods.
- Text reports were updated with clearer navigation, a more logical data structure and granular control over printing formats.
- New information on various mutex objects that you can investigate in the Synchronization tab.
Expanded VM: more functions and flawless process
- Windows 11 support. You can now run your analysis in Microsoft’s latest operating system.
- Edge browser. You can now access Microsoft’s new default browser from our VMs.
- Improved VM streaming. We are now streaming everything using HTML5. Playback became smoother, the framerate higher, and scrubbing more responsive.
- Profile interface overhaul. The user account area was redesigned to make customization easier. A new team management section was also added.
Team management and Enterprise
A new Enterprise plan was introduced. Perfect for large teams, it comes with a unique team management interface.
ANY.RUN is now headquartered in the UAE
We’ve opened a new HQ location in sunny Dubai!
The new space will help us to keep innovating and grow. Expect to see lots of exciting features coming to you from our Dubai office, which is now home to new and existing ANY.RUN team members. We are excited to keep collaborating with our customers and business partners at the new location.
Other cool stuff
We were named the Most Innovative Security Service of the Year in the 18th Annual 2022 Cyber Security Global Excellence Awards. The Technology Innovator Awards 2022 also recognized ANY.RUN as Monitoring & Analysis Innovators 2022, and we’re honored to be Malware Monitoring Innovators of the Year by Global Awards 2022/23.
We’re proud that our approach, which centers around making manual analysis faster and easier, has been so highly distinguished.
Our team also attended the ASIS Middle East Conference, Black Hat Middle East and Africa, and GITEX Global 2022, the biggest cybersecurity event in the region. We had a blast there and met lots of companies that were interested in using interactive sandboxes to tighten their security.
Top 5 blog posts
The ANY.RUN Blog was very active this year, and we’re proud to share our most viewed posts. Don’t miss out on these:
- Raccoon Stealer 2.0 Malware analysis
- How We Discovered and Prevented an IMG-Based Malware Attack
- Expert Q&A: nao_sec Follina Zero-day Vulnerability
- How to Do Malware Analysis. Infographic
- Malware Analysis Report in One Click
It’s amazing that more and more specialists find our blog interesting. Thank you!
Cybersecurity trends for 2023
As threats continue to evolve, so does our industry. We think that the following trends will help to shape it in 2023:
- Companies will be outsourcing more aspects of their security to managed services. On the surface, this is good for small teams that lack expertise. But will it create disjointed security systems?
- To protect against ransomware, businesses will work on rebuilding their endpoint protection around sophisticated EDR. It will be a race to reduce their attack surface before they suffer a heavy blow.
- The role of the cybersecurity department will become clearer for many companies. There will be less of a disconnect between what is expected of a security team and what it actually does.
- Cloud infrastructure security will continue to evolve. We’ll see many new tools and novel approaches here.
- AI will be at the forefront of innovation, and its adoption will grow. We might see things like neural networks that spot traffic anomalies better than humans do.
ANY.RUN is also planning to make some big improvements in 2023. Stay tuned for news, and, once again, a huge thanks for choosing our service!
Aw, this was a really nice post. In thought, I wish to put in writing like this additionally – taking time and precise effort to make an excellent article… but what can I say… I procrastinate a lot and by no means seem to get one thing done.
It’s hard to find knowledgeable people on this topic, but you sound like you know what you’re talking about! Thanks