Positive Technologies specialists have published a report on current cyber threats in 2022. According to experts, the total number of incidents increased by 21% compared to 2021, and this is due to “increased tension in cyberspace.” One of the main trends was the increase in the number of incidents related to web resources, the emergence of wipers, as well as the increased cross-industry consequences of attacks on IT companies.
Most often, among organizations, state institutions (17%), medical institutions (9%) and industry (9%) became victims of attacks. In most of these cases, attackers used malware (54%), social engineering (43%), and exploited vulnerabilities (34%) against them.
Also last year, the share of successful attacks against organizations’ web resources increased. If in 2021 official websites were compromised in 17% of cases, then in 2022 the share of such incidents was 22%. Government institutions were the hardest hit: the number of incidents related to attacks on web resources more than doubled, and their share increased from 23% to 41%.
Analysts expect such attacks to continue in 2023. They are especially dangerous for companies that provide online services and provide online payment options: attackers can embed malicious code into websites to intercept personal and payment data.
Ransomware is still the most popular type of malware for cybercriminals. In 2022, criminals used ransomware in every second successful attack on organizations (51%). The most common consequences of such incidents were business disruption (79%) and confidential data leaks (55%). In 12% of incidents, companies suffered direct financial losses.
It is noted that many groups rewrote the malware used in cross-platform programming languages and created versions aimed at both Windows and Linux systems. In addition, the distribution of malware to remove data collection (wipers) is becoming a trend: the increase in the number of incidents using wipers was 175% of the figures for 2021.
In 2022, the interest of cybercriminals in cryptocurrency has once again increased. The number of successful attacks on blockchain projects has more than doubled compared to last year. In 78% of incidents, the attackers succeeded in stealing funds, with the amount of damage in some cases amounting to several hundred million dollars.
Individuals were more likely to become victims of social engineering attacks: the attackers spread messages on social networks and instant messengers about the free distribution of tokens and NFTs, and also offered to transfer funds, promising to return much more assets than were invested. Analysts believe that in 2023 the number of cases of fraud aimed at holders of cryptocurrency assets will only increase.
Social engineering is still on top. In successful attacks on organizations, the share of using this method is 43%, on individuals – 93%. Attackers actively used the phishing-as-a-service model (“phishing as a service”), and even low-skilled hackers could carry out large-scale attacks: ready-made phishing kits helped them in this.
The year passed under the sign of mass leaks: during the entire period, Positive Technologies experts recorded reports of data compromise. Most often, medical institutions became the source of leaks: in 82% of incidents, attackers managed to steal confidential information, mainly personal data of medical institutions’ clients. In organizations engaged in scientific research or providing educational services, this figure was 67%, and in retail trade – 65%.
Together with massive leaks, attacks aimed at bypassing multi-factor authentication are gaining popularity. This could lead to an increase in the number of incidents in 2023.
The number of successful attacks targeting IT companies gradually increased, and in the fourth quarter of 2022, their number almost doubled that of the first quarter. Most often, incidents resulted in leaks of confidential information (63%), disruption of core business (35%), use of company resources for attacks (13%).
Such large organizations as Globant, Microsoft, Nvidia, Samsung became victims of malefactors. Attacks on IT companies had cross-industry consequences: both through subsequent hacking of customer infrastructure and through disruption of customer business processes. For example, people could not receive a number of medical and government services due to an attack on an IT solution provider.