Stolen credentials and ransomware threats will cause record losses of up to $30 billion worldwide in 2023 – IAPP

October 26, 2022

According to the IAPP, ransomware losses worldwide will exceed $30 billion in 2023, and system breaches will be the main cause of data breaches.

Malware and shell access to a device are two examples of attacks proposed for data breaches in the coming year and beyond, but ransomware appears to be the primary method, with ransomware attackers using three new tricks.

The first is data leak and double extortion, which is how ransomware groups demand ransoms for the decryption of critical data and the prevention of data leak.

The second component is the Initial Access Broker (IAB), which enables ransomware attack groups to obtain access to legitimate, high-level access data for targeted companies and to begin exfiltrating data in preparation for the double extortion demand.

The third is ransomware-as-a-service (RaaS), which enables malware developers to rent out ransomware and its control infrastructure to other cybercriminals.

Statistics show that almost half of all data breaches in 2022 started with stolen access data. In the first half of 2022, 600 malicious email campaigns were launched, 58% of which were phishing emails and 28% contained malicious software designed to steal credentials.

Furthermore, as reliance on the cloud grows, attackers have increasingly targeted various entry points into cloud-based networks. Cyber criminals are now targeting unpatched or software vulnerabilities in order to extract data, with Linux operating systems and managed service providers (MSPs) and their networks of SMB customers being increasingly affected recently. Another method is “non-traditional entry avenues” like cryptocurrencies and decentralized finance (DeFi) systems.

The sources for this piece include an article in CPOMagazine.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn