October 6, 2022

Among the main findings of the State of the Threat Report in 2022 is the fact that ransomware remains the primary threat to private and public organizations, and hack-and-leak continues to offer an attractive package for hackers.

Ransomware is still a primary threat with the median detection for ransomware attacks in 2022 standing at 4.5 days. Loaders remain a key component of the ransomware ecosystem, although usage fluctuates between new and long-established options.

Another finding is the exploitation of vulnerabilities in internet-facing services, a business that has replaced credential-based access as the most common initial access vector. Moreover, the market for infostealers is booming, with the number of infostealer logs doubling in the last year.

Government-backed threat actors remain regionally focused, with some using ransomware attacks as a cover for espionage or cyber disruption, and the cyberwar has not significantly expanded beyond the borders of Russia and Ukraine.

Threat actors are now looking for ways to circumvent multi-factor authentication by exploiting incomplete implementation. They are moving faster than ever to exploit new vulnerabilities that combine sophisticated tactics with more basic techniques in the hope of avoiding detection.

The sources for this piece include an article in Secureworks.