Content, Content

Ransomware Incidents Decline Slightly in 2022, as Defenders Become More Capable to Detect and Prevent

BARCELONA, SPAIN – FEBRUARY 26:  A logo sits illumintated outside the IBM booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. The annual Mobile World Congress hosts some of the world’s largest communications companies, with many unveiling their latest phones and wearables gadgets like foldable...

The number of ransomware attacks dropped by 4% in 2022 as compared to the prior year, as defenders became more capable of detecting and preventing the malware, IBM said in its newly released annual X-Force Threat Intelligence Index.

However, attackers are adjusting to defenders’ newfound capabilities, shown in a drop in the average time to complete a ransomware attack down from two months to less than four days, IBM said.

Backdoors Attract Ransomware

According to the report, backdoors, which allow remote access to systems, were the top action by attackers last year. About 67% of those backdoor cases related to ransomware attempts, in which defenders were able to detect the backdoor before ransomware was deployed.

The uptick in backdoor deployments can be partially attributed to their high market value, selling on the open market for up to $10,000 when stolen credit card data can be offloaded for less than $10, IBM said.

Extortion Tops Attack Vector List

Some of the key findings in the 2023 report include:

  • The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks.
  • Europe was the most targeted region, representing 44% of extortion cases observed, as threat actors sought to exploit geopolitical tensions. Manufacturing was the most extorted industry in 2022, and it was the most attacked industry for the second consecutive year likely because of its low tolerance for downtime.
  • Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. Monthly attempts by threat actors doubled compared to 2021.
  • One of the latest tactics involves making stolen data more accessible to downstream victims. By bringing customers and business partners into the mix, operators increase pressure on the breached organization.
  • The ratio of known exploits to vulnerabilities is down 10% since 2018. Cyber criminals already have access to more than 78,000 known exploits, making it easier to exploit older, unpatched vulnerabilities.
  • The number of cyber criminals targeting credit card information in phishing kits dropped 52% in one year. Accordingly, attackers are prioritizing personally identifiable information such as names, emails and home addresses, which can be sold for a higher price on the dark web or used to conduct further operations.
  • Energy held its spot as the fourth most attacked industry last year, as global forces continue to affect an already tumultuous global energy trade. North American energy organizations accounted for 46% of all energy attacks observed last year, a 25% increase from 2021 levels.
  • Asia saw more cyberattacks than any other region, accounting for nearly one-third of all attacks that X-Force responded to in 2022. Manufacturing accounted for nearly half of all cases observed in Asia last year.

Commenting on the survey, Charles Henderson, who heads IBM Security X-Force, said:

"The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain - tempering ransomware's progression in the short term. But it's only a matter of time before today's backdoor problem becomes tomorrow's ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.