Threat report breaks down the biggest attack trends of 2022 and shares predictions for the year ahead
Press releases · Cole Finch
Herndon, Va. – January 31, 2023 — Expel, the security operations provider that aims to make security easy to understand, use and improve, today released Great eXpeltations 2023: Cybersecurity trends and predictions, its annual report that outlines some of the most significant threats and attack trends from 2022. Compiled using aggregated data from the Expel security operations center (SOC), the report provides insights and statistics on the most significant cybersecurity threats Expel customers faced, actionable recommendations on how organizations can protect themselves, and predictions on what to expect in the year ahead.
“The trends and data we saw in 2022 showed that identity fraud—in the many different forms it can take—was a top concern for our customers,” said Ben Brigida, director, SOC operations at Expel. “However, we also observed a 70% increase in cloud incidents. Cybercriminals continue to evolve their tactics. We hope the Great eXpeltations report helps defenders stay on top of the attack trends that can impact their businesses, as well as minimize risk in the year ahead.”
Here are some highlights from the report:
- Identity threats: Business email compromise (BEC) remained the top threat to our customers, representing 50% of all incidents (consistent with findings from 2021). Fifty-three percent of all organizations experienced at least one BEC attempt.
- Cloud security: Cloud incidents increased 70 percentage points compared to 2021. Threat actors started moving away from authenticating via legacy protocols to bypass multi-factor authentication (MFA) in Microsoft 365. Instead, they adopted frameworks such as Evilginx2, facilitating adversary-in-the-middle (AiTM) phishing attacks to steal login credentials and session cookies for initial access and MFA bypass.
- Ransomware: Eleven percent of incidents could have resulted in deployment of ransomware had we not intervened—a seven percentage point increase compared to 2021. As Microsoft continues making it easier for organizations to block macros in files downloaded from the internet, ransomware threat groups and their affiliates are abandoning their use of Visual Basic for Applications (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. Instead, ransomware operators opt to use disk image (ISO), shortcut (LNK), and HTML application (HTA) files to gain initial entry.
- Phishing: Eighty-eight percent of malicious email submissions were credential harvesters. Credential theft via phishing continues to grow, with identity the main focus of today’s attacks.
For each of these attack trends, Expel’s SOC leadership team shares what they observed in 2022, how to detect and prepare for these threats, and what to expect for 2023.
Download Great eXpeltations 2023: Cybersecurity trends and predictions to learn more.
About Expel
Expel helps companies of all shapes and sizes minimize business risk. Our technology and people work together to make sense of security signals—with your business in mind—to detect, understand, and fix issues fast. Powered by our security operations platform, Expel offers managed detection and response (MDR), remediation, phishing, and threat hunting. For more information, visit our website, check out our blog, or follow us on LinkedIn or Twitter.
Contact:
Loren Guertin
expel@matternow.com
Matter Communications on behalf of Expel