2022 State of the Threat: A Year in ReviewRansomware, loaders, stealers, zero-day exploits, cyberwarfare, espionage: the cyber threats kept coming in 2022 – and threat actors are growing in skill and stealth. By: Barry Hensley, Secureworks Chief Threat Intelligence Officer
Despite ongoing cyber warfare arising from the war in Ukraine, ransomware continues to be the most pressing threat for most organizations.
In our latest State of the Threat report, we drew heavily on our analysis of the 3.29 trillion security events processed every week by the Secureworks® Taegis™ XDR platform, data from our Taegis VDR (vulnerability detection and response) solution, proactive research on 159 threat groups, and insights gathered through 1,400 engagements carried out by the Secureworks Incident Response Team. Combined, these information sources paint a comprehensive picture of the threat landscape over the past twelve months.
Key findings from the report
- Ransomware is still the primary threat facing private and, increasingly, public sector organizations. The median detection window for ransomware attacks in 2022 stands at 4.5 days. Loaders remain a key component of the ransomware ecosystem, although use fluctuates between new and long-established options.
- Hack-and-leak attacks continue to present an attractive alternative opportunity for cybercriminals. Business email compromise also still ranks alongside ransomware as a major threat.
- Exploitation of vulnerabilities in internet-facing services replaced credential-based access as the most common initial access vector. Even so, the market for infostealers is thriving. The number of infostealer logs for sale on underground forums has more than doubled in the past year.
- Government-sponsored threat actors remain regionally focused. Some are using ransomware attacks as a cover for espionage or cyber disruption. Cyberwar has not significantly expanded beyond the confines of Russia and Ukraine.
- Threat actors are starting to find ways to bypass multi-factor authentication, helped by incomplete implementations.
Threat actors are moving more swiftly than ever to exploit new vulnerabilities, combining sophisticated tactics with more basic techniques in the hope of evading detection. Learn more about these findings in the 2022 State of the Threat report to enhance your organization’s security posture.