Ransomware down 57% but other threats looming, warns report

The Secureworks Counter Threat Unit (CTU) has found that most real-world security incidents start with far more mundane organisational weaknesses than the headline threats suggest.

With discussion of advanced AI threats currently dominating the cybersecurity industry, this finding emphasises the importance of businesses focusing on basic cyber hygiene to improve their network defences.

Secureworks helped contain and remediate more than 500 real-world security incidents in 2022, with the company’s CTU researchers analysing the data from these events to understand trends and emerging threats.

One of the key findings of this research is that incidents involving business email compromise (BEC) have doubled, knocking ransomware off the top spot as the most common type of financially-motivated cyber threat to companies.

The Secureworks CTU was able to link the growth in BEC to a significant increase in successful phishing campaigns, with phishing making up 33% of incidents where the initial access vector (IAV) could be established. This was almost three times higher than in 2021 (13%).

Exploiting vulnerabilities in internet-facing systems was an equally popular entry point for both nation-state and cybercriminal attackers, accounting for one-third of incidents where IAV could be established.

Threat actors generally didn’t need to use zero-day vulnerabilities, instead opting for publicly disclosed vulnerabilities to target unpatched machines, including ProxyLogon, ProxyShell and Log4Shell.

Ransomware incidents saw a 57% decrease but remain a core threat.

Secureworks notes this could reflect changing tactics, or equally a genuine drop in attacks as law enforcement ramps up its activity in response to high-profile incidents such as Colonial Pipeline and Kaseya.

However, it could also be because gangs may be targeting smaller organisations that are less likely to engage with incident responders (meaning they would fall outside the scope of Secureworks’ report).

“Business email compromise requires little to no technical skill but can be extremely lucrative. Attackers can simultaneously phish multiple organisations looking for potential victims, without needing to employ advanced skills or operate complicated…