A new report into cybersecurity has detailed how ransomware continues to be the main threat to businesses and underlines how over-complexity in IT and infrastructure leads to increased attacks. The report, conducted by Acronis’ Cyber Protection Operation Centers, reveals that nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns. Findings underscore the need for more holistic approaches to cybersecurity.
To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors. Nearly 1 per cent of all emails contain malicious links or files, and more than one-quarter (26.5%) of all emails were delivered to the user’s inbox (not blocked by Microsoft365) and then were removed by Acronis email security.
Moreover, the research reveals how cybercriminals also use malware and target unpatched software vulnerabilities to extract data and hold organisations hostage. Further complicating the cybersecurity threat landscape is the proliferation of attacks on non-traditional entry avenues. Attackers have made cryptocurrencies and decentralised finance systems a priority of late. Successful breaches using these various routes have resulted in the loss of billions of dollars and terabytes of exposed data.
These attacks are able to be launched due to overcomplexity in IT, a common problem throughout businesses as many tech leaders assume more vendors and programs lead to improved security when the inverse is actually true. Increased complexity exposes more surface area and gaps to potential attackers, keeping organisations vulnerable to potentially devastating damage.
“Today’s cyberthreats are constantly evolving and evading traditional security measures,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organisations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions.”
Critical data points reveal complex threat landscape
As reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks. Cybercriminals increased their focus on Linux operating systems and managed service providers (MSPs) and their network of SMB customers. The threat landscape is shifting, and companies must keep pace.
Ransomware is worsening, even more so than we predicted.
• Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage.
• The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole.
• Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 NVIDIA users. The same gang also stole 30 GB worth of T-Mobile’s source code.
• The U.S. Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti.
The use of phishing, malicious emails and websites, and malware continues to grow.
• Six hundred malicious email campaigns made their way across the internet in the first half of 2022.
• 58% of the emails were phishing attempts.
• Another 28% of those emails featured malware.
• The business world is increasingly distributed, and in Q2 2022, an average of 8.3% of endpoints tried to access malicious URLs.
More cybercriminals are focusing on cryptocurrencies and decentralised finance (DeFi) platforms. By exploiting flaws in smart contracts or stealing recovery phrases and passwords with malware or phishing attempts, hackers have wormed their way into crypto wallets and exchanges alike.
• Cyberattacks have contributed to a loss of more than $60 billion in DeFi currency since 2012.
• $44 billion of that vanished during the last 12 months.
Unpatched vulnerabilities of exposed services is another common infection vector—just ask Kaseya. To that end, companies like Microsoft, Google, and Adobe have emphasised software patches and transparency around publicly submitted vulnerabilities. These patches likely helped stem the tide of 79 new exploits each month. Unpatched vulnerabilities also tie into how overcomplexity is hurting businesses more than helping, as all of these vulnerabilities serve as additional potential points of failure.
Breaches leave financial, SLA distress in their wake
Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company’s reputation and customer experience.
• In 2021 alone, the FBI attributed a total loss of $2.4 billion to business email compromise (BEC).
• Cyberattacks caused more than one-third (36%) of downtime in 2021.
The current cybersecurity threat landscape requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place. The integration of these various components gives companies a better chance of avoiding cyberattacks, mitigating the damage of successful attacks, and retaining data that might have been altered or stolen in the process.
The full report is available here.