Flashpoint Year In Review: 2022 Breaches and Malware Threat Landscape


KEY TAKEAWAYS

This blog highlights trends in notable observed advertisements on illicit forums for breached data, including databases or claims of network access; hacking services; and various strains and types of malware from January 1, 2022 through November 30, 2022.

  • The most frequently reported-on targeted sectors in 2022 were the government, financial, and retail industries.
  • The United States was the most-targeted geographic region in breach reporting this year.
  • Threat actors most commonly advertised and discussed hacking services, malware, and exploits on the widely used forums Breach Forums, Exploit, and XSS.
  • Phishing pages were some of the most popular offerings within hacking service and malware advertisements.

Data breach landscape

Mostly motivated by greed, threat actors will target any organization regardless of sector. Data breaches therefore provide key insights into the methods and tactics of hackers, who will do whatever it takes to gain illegal access to their target’s network using the plethora of advertised malware and hacking services available on illicit marketplaces.

As such, studying data breaches can help organizations and their security teams improve their security controls and incident response plans. Understanding who breaches affect, as well as where they take place, helps you gain visibility into your risk profile.

Here’s how the data breach landscape played out in 2022.

Most impacted sectors

According to our research team, there were a total of 4,146 reported global data breach events that occurred this year. Of those events, the top three sectors that experienced the most breaches were government, financial, and retail:

Figure 1: Top targeted sectors in breach reporting this year

However, although sectors such as Healthcare and Technology were also impacted by breach events, a fourth category experienced the next most activity: “Unknown.” The unknown category represents datasets (whether advertised or leaked) where the victim’s identity was unavailable, either because that information was not disclosed or because the data itself or the shared sample lacked any kind of identifiable information.
