According to Unit 42 research, ransomware and business email compromise are topping the charts for cyberattacks this year, and economic pressures could encourage more people to enter a new career in cybercrime.
Ransomware and business email compromises (BEC) topped the list of types of attacks on organizations last year, accounting for 70% of the total number, according to the 2022 Unit 42 Incident Response Report from Palo Alto Networks’ Unit 42, an in-house cybersecurity consultancy. The company compiled the report’s findings based on approximately 600 incident responses completed by Unit 42 between May 2021 and April 2022.
Here's a quick breakdown of the key findings:
It is suspected that 77% of breaches are caused by three initial access vectors – phishing, exploitation of known software vulnerabilities, and brute-force credential attacks primarily focused on the Remote Desktop Protocol (RDP).
The report also found that more than 87 percent of the positively identified vulnerabilities fall into one of six main categories – the ProxyShell and ProxyLogon flaws in Exchange Server, the Apache Log4j flaw, and vulnerabilities in Zoho ManageEngine ADSelfService Plus, Fortinet, and SonicWall.
Half of the compromised organizations lacked multifactor authentication on key internet-facing systems such as corporate webmail, virtual private network (VPN) and other remote access solutions.
The seven most targeted sectors were finance, professional and legal services, manufacturing, healthcare, high technology, and wholesale and retail. These accounted for more than 60% of the cases, according to Unit 42.
Unit 42 said attackers may focus on certain industries, such as finance and healthcare, because they store, transmit and process large volumes of sensitive, monetizable information — or simply because they make widespread use of certain software with known vulnerabilities.
Internal threats
It’s not always about the money, according to the report. Grudges matter, too. Insider threats accounted for just 5.4 percent of the incidents Unit 42 handled, “but they can be significant because they involve a malicious actor who knows exactly where to look for sensitive data,” the report said. Additionally, 75 percent of insider threat cases involved a disgruntled former employee who left with company data, destroyed company data, or accessed company networks after leaving.
This could be exacerbated during a recession, as layoffs and frustrations mount. Researchers predict that declining economic conditions could drive more people to turn to cybercrime as a way to survive.
“Cybercrime is an easy business to get into right now because of its low cost and often high returns,” Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks, said in a statement. “As such, novice and unskilled threat actors can start out with access to tools like hacking as a service, making them more popular and available on the dark web.”
Ransomware
Ransomware can target sensitive organizations, such as hospitals, and can further pressure organizations with threats to release sensitive information if the ransom is not paid. Additionally, Unit 42 has tracked at least 56 active “ransomware-as-a-service” groups operating since 2020.
“RaaS is a business for criminals, by criminals, with agreements that set the terms for delivering ransomware to affiliates, often in exchange for monthly fees or a percentage of the ransoms paid,” the report said. “RaaS makes carrying out attacks much easier, lowering the barrier to entry for potential threat actors and expanding the reach of ransomware.”
Unit 42 reported that ransomware demands reached $30 million last year, with some customers paying ransoms of more than $8 million. Unit 42 noted that threat actors attempt to access financial information when they gain unauthorized access to a victim organization and calculate ransom demands based on the perceived revenue of the organization being extorted.