Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable

“One commonality that unites most individuals or home users, no matter where they are in the world or what their socioeconomic status might be, is a lack of adequate cybersecurity with the capabilities of protecting their devices and home networks from next-generation threats."

• The emergence of the metaverse and increased adoption of IoT devices carry new cyber risks, such as the metaverse attack vector identified by ReasonLabs researchers in 2022.
• Malicious web extensions are becoming more and more prevalent; 15% of all malicious extensions detected throughout 2022 came from users in the United States.
• Trojanized software, such as coin miners, backdoors, infostealers, remote access trojans (RATs), and spyware, continues to be a top threat to home users and remote employees, as they accounted for 31% of all detections.
• The rise in HackUtilities detections from 4% in 2021 to 20% in 2022 demonstrates that online piracy — the use of pirated or cracked software and applications — is either at or near an all-time high.
• Cyber warfare is increasingly impacting average citizens around the world, with the most notable examples in 2022 coming from Russia's war in Ukraine. The study found a large increase in detections in Ukraine throughout February compared to January, signaling that Russia's invasion was also paired with cyberattacks.
• The top five countries with the most detections per user throughout 2022 are Kazakhstan, Russia, Egypt, Ukraine and Bolivia, respectively. While the list is diverse, more than 50% (11/20) of the most attacked countries are in Asia, while only 10% (2/20) are from Europe.
• Phishing remains the leading malware distribution method affecting home users and remote employees.
• Crimeware-as-a-Service (CaaS), the practice of providing cyber products and services to criminals to facilitate large-scale attacks, is on the rise. CaaS products and services typically deliver ransomware, malware, phishing threats, and more.
• As businesses improve their cybersecurity practices, attackers are increasingly focusing on home users. The proliferation of remote and hybrid work has made it easier for attackers to access corporate networks through employees' home networks.
• The 2021 launch of the Ransomware and Digital Extortion Task Force in the U.S., along with government legislation around companies engaging with ransomware demands, means some attackers are deploying ransomware on home users instead of large corporations.

"In order to protect themselves and their families against both existing and emerging threats, home users should educate themselves about potential dangers, and utilize cyber protection solutions such as next-gen antivirus software, a VPN, a DNS filter, and parental control apps across their digital devices."

• More sophisticated phishing and social engineering scams as consumers become more aware of common tactics.
• Growth in Phishing-as-a-Service and overall CaaS.
• 2FA will continue to be bypassed, likely leading to the increasing use of three- or four-factor authentication.
• Unsecured consumers, particularly young users, will continue to be susceptible as they engage with cryptocurrencies, the metaverse, and other digital assets.
• The continued deployment of next-generation threats as emerging technologies, such as virtual reality, will become more mainstream.