Acronis released its latest cyberthreats and trends report for the second half of 2022 which found that phishing and the use of MFA (Multi-Factor Authentication) fatigue attacks, an extremely effective method used in high-profile breaches, are on the rise. Conducted by the Acronis Cyber Protection Operation Center, the report provides an in-depth analysis of the cyberthreat landscape including ransomware threats, phishing, malicious websites, software vulnerabilities and a security forecast for 2023.
Of note, the report found that threats from phishing and malicious emails have increased by 60%, and the average cost of a data breach is expected to reach $5 million by next year. The research team who authored the report also saw social engineering attacks jump in the last four months, accounting for 3% of all attacks. Leaked or stolen credentials, which allow attackers to easily execute cyberattacks and ransomware campaigns, were the cause of almost half of all reported breaches in the first half of 2022.
“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organizations must prioritize all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are constantly evolving their methods, now using common security tools against us – like MFA that many companies rely on to protect their employees and businesses.”
Report Highlights: Threat Landscape Sees New Challenges
As security tactics and the technologies associated with them evolve, so do the threat actors trying to break into organizations and their ecosystems. The constant feed of ransomware, phishing and unpatched vulnerabilities demonstrate how crucial it is for businesses to reevaluate their security strategies.
Ransomware Continues to be the Number One Threat
o LockBit - 1157
o Hive - 192
o BlackCat - 177
o Black Basta - 89
Phishing and Malicious Emails Remain Highly Successful for Threat Actors
Malicious Actors Continue to Seek Out and Target Unpatched Systems
o A phishing campaign targeted Microsoft users in September by using the news coverage of the passing of Queen Elizabeth II and impersonating "the Microsoft team" to bait recipients into adding memo text onto an online memorial board in September.
o Another large-scale phishing campaign was spotted targeting Microsoft M365 email service credentials, specifically at fin-tech, lending, accounting, insurance and Federal Credit Union organizations in the US, UK, New Zealand and Australia.
“Increased recognition that cybersecurity is a growing business risk is a welcome trend across all levels of enterprises,” said Michael Suby, VP Research, Trust and Security at IDC. “The latest Acronis Cyberthreat report explores real-world examples from the second half of this year and offers practical recommendations to protect the people, processes, and technologies that drive modern enterprises.”