Phishing, MFA fatigue attacks are on the rise, and the cost of a data breach is now expected to reach $5 million, according to a year-end cyberthreat report from cybersecurity firm Acronis.
The Switzerland-based firm’s report from its Cyber Protection Operation Center provides an in-depth analysis of the cyberthreat landscape including ransomware, phishing, malicious websites, software vulnerabilities and a security forecast for 2023, including how phishing emails and the cost of a data breach are on the rise.
According to Acronis’ report, phishing and malicious emails have increased by 60% in the third quarter of 2022, and social engineering attacks also jumped, accounting for 3% of all attacks. Continuing the theme of attacks on credentials and identities, Acronis says leaked for stolen credentials were the cause of almost half of all reported breaches in the first half of 2022.
Ransomware remains the largest threat
Ransomware remains the top threat to big and medium businesses, including government, healthcare and other critical organizations, Acronis’ report found. This comes despite ransomware volumes, samples and new families all decreasing in the second half of this year.
However, ransomware gangs were adding at least 200 new victims to their combined list in each month in the second half of 2022, according to Acronis. The top four ransomware operators were LockBit, Hive, BlackCat and Black Basta with a combined total of just over 1,600 compromised victims. As is regularly seen in the ransomware economy, those four families are largely the rebranding of former ransomware gangs such as REvil, BlackMatter and others.
Ransomware groups were far more active in the first half of 2022, with average ransomware detections per day at 368 for the first half of the year and 226 for the second half. Leading 2022 in ransomware detections was the United States, with regional ransomware detection percentages of at least 60% in all three quarters of 2022 studied.
Another alarming trend is the shift towards more data exfiltration and the targeting of macOS and Linux systems, with most of the larger ransomware groups also looking at cloud environments.
Phishing, malicious emails and social engineering
Attacks designed to steal credentials and compromise accounts have been a tried-and-true attack method, and these techniques are only growing in popularity and complexity, according to Acronis, which found that the proportion of phishing attacks between July and October 20222 rose by 1.3 times against malware attacks, reaching 76% of all email attacks. That figure is up from a 58% increase in the first half of 2022.
Social engineering threats are also on the rise over the last four months and now account for 3% of all attacks.
Phishing, meanwhile, continues to be a top threat facing organizations, with phishing activity rising by 130% between July and November 2022.
Specific industries were the most targeted with email threats, including construction, retail, real estate, professional services (such as computers and IT) and finance.
Unpatched vulnerabilities continue to wreak havoc
While phishing and social engineering remain a popular attack vector, Acronis’ report finds that unpatched vulnerabilities continue to be a gold mine for threat actors, with 475 out of nearly 13,000 reported vulnerabilities being actively exploited in the first half of 2022.
The company singled out Microsoft and Patch Tuesdays, and the report went through some of the more critical bugs in the IT giant’s systems discovered over the second half of 2022. However, Acronis also detailed critical vulnerabilities in products from Google, Adobe, Cisco and others.
“We know that ransomware attackers have taken advantage of more than 150 vulnerabilities during this same period, emphasizing once again how important it is to patch on time and have vulnerability assessment functionalities in place to protect businesses and home users,” the report says.
The cybersecurity company’s recommendations in the report are largely best practices that IT security professionals have been echoing for years: password security, patching, phishing awareness, using a VPN and using comprehensive security tools.
However, the firm’s predictions for 2023 include more information about what cybercriminals will target next, including authentication and identity management systems, social engineering via texting and collaboration apps, attacks leveraging blockchains and the adoption of artificial intelligence and machine learning by threat actors.
Read the company’s report for more information.