Many consumers face the same malware threats as do businesses, yet they are often victimized by inadequate security to protect themselves from cyberattacks. In many cases, the resources to defend their home networks and devices, ReasonLabs said in a new report.
A good deal of individuals and home users also are saddled with using legacy anti-virus products with antiquated engines that need to be replaced, the New York-based, consumer-centric security provider said:
“One commonality that unites most individuals or home users, no matter where they are in the world or what their socioeconomic status might be, is a lack of adequate cybersecurity with the capabilities of protecting their devices and home networks from next-generation threats."
Key Findings From the Report
Here are the study’s findings:
- The emergence of the metaverse and increased adoption of IoT devices carry new cyber risks, such as the metaverse attack vector identified by ReasonLabs researchers in 2022.
- Malicious web extensions are becoming more and more prevalent; 15% of all malicious extensions detected throughout 2022 came from users in the United States.
- Trojanized software, such as coin miners, backdoors, infostealers, remote access trojans (RATs), and spyware, continues to be a top threat to home users and remote employees, as they accounted for 31% of all detections.
- The rise in HackUtilities detections from 4% in 2021 to 20% in 2022 demonstrates that online piracy — the use of pirated or cracked software and applications — is either at or near an all-time high.
- Cyber warfare is increasingly impacting average citizens around the world, with the most notable examples in 2022 coming from Russia's war in Ukraine. The study found a large increase in detections in Ukraine throughout February compared to January, signaling that Russia's invasion was also paired with cyberattacks.
- The top five countries with the most detections per user throughout 2022 are Kazakhstan, Russia, Egypt, Ukraine and Bolivia, respectively. While the list is diverse, more than 50% (11/20) of the most attacked countries are in Asia, while only 10% (2/20) are from Europe.
- Phishing remains the leading malware distribution method affecting home users and remote employees.
- Crimeware-as-a-Service (CaaS), the practice of providing cyber products and services to criminals to facilitate large-scale attacks, is on the rise. CaaS products and services typically deliver ransomware, malware, phishing threats, and more.
- As businesses improve their cybersecurity practices, attackers are increasingly focusing on home users. The proliferation of remote and hybrid work has made it easier for attackers to access corporate networks through employees' home networks.
- The 2021 launch of the Ransomware and Digital Extortion Task Force in the U.S., along with government legislation around companies engaging with ransomware demands, means some attackers are deploying ransomware on home users instead of large corporations.
Commenting on the study, Kobi Kalif, ReasonLabs' chief executive and co-founder, said:
"In order to protect themselves and their families against both existing and emerging threats, home users should educate themselves about potential dangers, and utilize cyber protection solutions such as next-gen antivirus software, a VPN, a DNS filter, and parental control apps across their digital devices."
Looking Ahead in 2023
ReasonLabs researchers also put forth some security predictions for 2023:
- More sophisticated phishing and social engineering scams as consumers become more aware of common tactics.
- Growth in Phishing-as-a-Service and overall CaaS.
- 2FA will continue to be bypassed, likely leading to the increasing use of three- or four-factor authentication.
- Unsecured consumers, particularly young users, will continue to be susceptible as they engage with cryptocurrencies, the metaverse, and other digital assets.
- The continued deployment of next-generation threats as emerging technologies, such as virtual reality, will become more mainstream.