
16 January, 2023

Phishing, malicious emails were the main vector of infection in 2022: Acronis

Acronis, a global cyberprotection provider, has found that phishing and the use of multifactor authentication fatigue attacks* are on the rise. 

Chart showing that 76% of infections occurred through phishing. Phishing and malicious emails are the main infection vector. BEC stands for business email compromise. Source: Acronis Year-End Cyberthreats Report 2022.

For 2023, Acronis predicts that attackers will continue to try to automate and personalise their phishing and email-related attacks using previously-leaked data. Socially-engineered scams, like BEC attacks, will increasingly spread to other messaging services (SMS/texting, Slack, Teams chat, etc.) to avoid filtering and detection, the report authors said. Phishing, on the other hand, will continue to use proxies to capture session tokens, steal MFA tokens, and use diversions like QR codes to further hide itself.

According to its latest cyberthreats and trends report** for 2H22, threats from phishing and malicious emails have increased by 60%, and the average cost of a data breach is expected to reach US$5 million by 2023. The report authors also saw social engineering attacks jump in the last four months, accounting for 3% of all attacks. Leaked or stolen credentials, which allow attackers to easily execute cyberattacks and ransomware campaigns, were the cause of almost half of all reported breaches in the first half of 2022.

Report highlights include:

Ransomware

- Ransomware threats to businesses including government, healthcare, education and other sectors are generally getting worse.

- Each month in 2H22 ransomware gangs added 200-300 new victims to their combined list.

- The ransomware operator market is dominated by four to five players. By the end of Q322, the total number of compromised targets published for the main operators in 2022 was as follows:

  • LockBit - 1,157
  • Hive - 192
  • BlackCat - 177
  • Black Basta - 89

There were 576 publicly-mentioned ransomware compromises in Q322, a slight increase from Q222.

The overall number of ransomware incidents decreased slightly in Q322. A summer high from July to August, when Acronis observed a 49% increase in blocked ransomware attacks globally, was followed by a decrease of 12.9% in September and 4.1% in October.

As the main threat actors continue to professionalise their operations, Acronis notes a shift towards more data exfiltration, with most of the large players expanding their targets to macOS and Linux systems and considering cloud environments.

Phishing

- Between July and October 2022, the proportion of phishing attacks rose by 1.3x against malware attacks, reaching 76% of all email attacks (up from 58% in 1H22).

- Spam rates increased by over 15% — reaching 30.6% of all inbound traffic.

- South Korea, Jordan and China ranked as the most attacked countries in terms of malware per user in Q322.

Analysing the 50 organisations most attacked by email revealed the top targeted industries:

  • Construction
  • Retail
  • Real estate
  • Professional services (Computers & IT)
  • Finance

An average of 7.7% of all endpoints tried to access malicious URLs in Q322, a small reduction from 8.3% in Q222.

Patching

While software vendors release patches regularly, it is still not enough. Many attacks succeed due to unpatched vulnerabilities. Acronis continues to observe and warn both businesses and home users that new zero-day vulnerabilities and old unpatched ones are the top vector of attack to compromise systems.

A phishing campaign targeted Microsoft users in September by using the news coverage of the passing of Queen Elizabeth II and impersonating "the Microsoft team" to bait recipients into adding memo text onto an online memorial board.

Another large-scale phishing campaign was spotted targeting Microsoft M365 email service credentials, specifically at fintech, lending, accounting, insurance and Federal Credit Union organisations in the US, UK, New Zealand and Australia.

“Increased recognition that cybersecurity is a growing business risk is a welcome trend across all levels of enterprises,” said Michael Suby, VP Research, Trust and Security at IDC. 

“The latest Acronis Cyberthreat report explores real-world examples from the second half of this year and offers practical recommendations to protect the people, processes, and technologies that drive modern enterprises.”

Explore

Download the Acronis End-of-Year Cyberthreats Report 2022

*MFA fatigue attacks have been highly effective for cybercriminals. They send so many requests for MFA that the victim eventually falls for one and shares their credentials.

**Conducted by the Acronis Cyber Protection Operation Center, the report provides an in-depth analysis of the cyberthreat landscape including ransomware threats, phishing, malicious websites, software vulnerabilities and a security forecast for 2023.
