Skip to Main ContentSkip to Footer
Research & Intelligence

2022 State of the Threat: A Year in Review

Ransomware, loaders, stealers, zero-day exploits, cyberwarfare, espionage: the cyber threats kept coming in 2022 – and threat actors are growing in skill and stealth.

State of the Threat Report
Barry Hensley, Secureworks Chief Threat Intelligence Officer
October 4, 2022

Despite ongoing cyber warfare arising from the war in Ukraine, ransomware continues to be the most pressing threat for most organizations.

In our latest State of the Threat report, we drew heavily on our analysis of the 3.29 trillion security events processed every week by the Secureworks® Taegis™ XDR platform, data from our Taegis VDR (vulnerability detection and response) solution, proactive research on 159 threat groups, and insights gathered through 1,400 engagements carried out by the Secureworks Incident Response Team. Combined, these information sources paint a comprehensive picture of the threat landscape over the past twelve months.

Key findings from the report

  • Ransomware is still the primary threat facing private and, increasingly, public sector organizations. The median detection window for ransomware attacks in 2022 stands at 4.5 days. Loaders remain a key component of the ransomware ecosystem, although use fluctuates between new and long-established options.
  • Hack-and-leak attacks continue to present an attractive alternative opportunity for cybercriminals. Business email compromise also still ranks alongside ransomware as a major threat.
  • Exploitation of vulnerabilities in internet-facing services replaced credential-based access as the most common initial access vector. Even so, the market for infostealers is thriving. The number of infostealer logs for sale on underground forums has more than doubled in the past year.
  • Government-sponsored threat actors remain regionally focused. Some are using ransomware attacks as a cover for espionage or cyber disruption. Cyberwar has not significantly expanded beyond the confines of Russia and Ukraine.
  • Threat actors are starting to find ways to bypass multi-factor authentication, helped by incomplete implementations.

Threat actors are moving more swiftly than ever to exploit new vulnerabilities, combining sophisticated tactics with more basic techniques in the hope of evading detection. Learn more about these findings in the 2022 State of the Threat report to enhance your organization’s security posture.

Back to all Blogs

Now Trending...

State of the Threat Report 2023
Report

State of the Threat Report

Access Now

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.

Additional Resources

cyberpredictions24_4-3-xl (1)
Blog

Three Cybersecurity Platform Predictions for 2024

Read Now