Acronis Cyberthreats Report Year-end 2022: Data under attack

Keeping up with the latest cyberthreats can feel like a full-time job, and getting ahead of them like an impossibility. Fortunately, you’ve got Acronis on your side.

The cybersecurity experts at our global network of Cyber Protection Operation Centers (CPOCs) monitor these threats 24/7, conducting original research to better understand the current security landscape — and how best to stay safe in the months ahead.

Today we published the Acronis Cyberthreats Report: Year-end 2022, highlighting our findings from the back half of the year. In this free resource, you’ll find high-level trends in attack patterns, an overview of significant software vulnerabilities and detailed insights into the most dominant cybercrime gangs and their tactics — not to mention plenty of recommendations for staying safe in the year ahead.

Here are a few of the key trends we’ve seen in the second half of 2022:

Ransomware volume is down, but the threat is bigger than ever

Ransomware has become a household term, grabbing headlines around the world. In the back half of 2022, the number of new cybercrime syndicates has actually trended downwards, as has the volume of attacks — but the gangs that remain are doing quite well for themselves.

While some ransomware groups seemingly ceased operations, it has become clear that many of the people behind them simply rebranded and started anew. Egregor, REvil, BlackMatter and DoppelPaymer are a few such examples. This is a tactic we’ve seen many times before, but it still works to an extent — the criminals can slow down or evade law enforcement efforts and buy themselves months or years of additional activity.

At this point, the ransomware landscape is actually dominated by only a few major players. In 2022, the four most-active gangs were:

  • LockBit, which recently released version 3.0 of their malware and are now the first ransomware gang to have a bug bounty program in place;  
  • Black Basta, a group formed by former Conti and REvil members that scored major hits on construction material manufacturer Knauf Group and Canadian food retail giant Sobeys;  
  • Hive, which struck India’s largest power generation company, U.K.-based building products distributor Eurocel, and a large independent subsidiary of Bell Canada, among others; and
  • BlackCat/ALPHV, a group known for their triple-extortion tactics — victims are threatened with both the leaking of stolen data and a potential distributed denial of service (DDoS) attack if the ransom demands are not met.

Of course, there are still other groups making waves out there, compromising businesses of all sizes around the globe. Many notable incidents are highlighted in the full report.

Phishing and malicious emails remain the main infection vector

Phishing — including specialized forms like spear phishing and whaling — is still a top threat, and the most common form of email attack. From July to November, phishing activity rose by a staggering 130%. It now represents 76% of all email-based attacks, up from 58% in the first half of the year.

[Figure: Email attack types in H2 2022]

The Acronis CPOCs blocked 17,500,697 phishing and malicious URLs in Q3 2022. Complete numbers are not yet available for December, but we expect to see an additional rise in attack rates as is common during the holiday season.

Unfortunately, many messages with malicious content — especially dangerous URLs — still make it through basic email filters and reach users’ systems. In order to further evade endpoint security tools, malicious attachments may feature multiple layers of encryption, such as password-protected ZIP archives containing LNK files that then retrieve a final payload. This speaks to the importance of a multi-layered defense approach and advanced email security solutions that use anti-evasion techniques.

Data breaches have hit an all-time high

The global average total cost of a data breach is now $4.35 million, having increased by another $110,000 this year. In the United States, the average total cost is nearly $9.5 million.

Acronis has directly observed significant growth in the number of data breaches (and the financial harm they cause) in both the second half of 2022 and the year as a whole. We see more and more threat actors using so-called “MFA fatigue” attacks, a social engineering technique that overwhelms victims with multi-factor authentication requests in the hopes that the legitimate, authorized user will inadvertently accept one. Data exfiltration remains exceptionally popular, with criminals using its release as additional leverage in ransomware attacks — and using stolen info and credentials to fuel additional attacks down the road.
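The "MFA fatigue" pattern described above leaves a recognizable trace in authentication logs: a burst of rejected or ignored push prompts for one account, sometimes ending in an approval. The following detection sketch is an added example, not taken from the Acronis report; the log format, the 10-minute window and the threshold of 5 prompts are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of rejected prompts that is suspicious

# Constructed sample events: timestamp, account, outcome of the push prompt.
SAMPLE_LOG = """\
2022-11-03T02:14:05Z user=alice result=denied
2022-11-03T02:14:40Z user=alice result=denied
2022-11-03T02:15:10Z user=alice result=timeout
2022-11-03T02:15:55Z user=alice result=denied
2022-11-03T02:16:30Z user=alice result=denied
2022-11-03T02:17:40Z user=alice result=timeout
2022-11-03T02:18:02Z user=alice result=approved
2022-11-03T09:00:01Z user=bob result=denied
2022-11-03T09:00:30Z user=bob result=approved
2022-11-03T10:00:00Z user=carol result=denied
2022-11-03T11:00:00Z user=carol result=denied
2022-11-03T12:00:00Z user=carol result=timeout
2022-11-03T13:00:00Z user=carol result=denied
2022-11-03T14:00:00Z user=carol result=denied
"""

def parse(line):
    """Split one constructed log line into (timestamp, user, result)."""
    ts, user, result = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            user.split("=", 1)[1], result.split("=", 1)[1])

def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert_kind, timestamp) tuples in time order."""
    rejected = defaultdict(deque)  # user -> timestamps of rejected prompts in window
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, result in events:
        q = rejected[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert once, when the burst crosses the threshold
                alerts.append((user, "prompt_burst", ts))
        elif result == "approved":
            if len(q) >= threshold:      # approval right after a burst: treat as likely compromise
                alerts.append((user, "approved_after_burst", ts))
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, kind, ts in detect_mfa_fatigue(SAMPLE_LOG):
        print(ts.isoformat(), user, kind)
```

An approval that follows a burst is the higher-priority alert, since it suggests the account's session should be revoked and its credentials reset; a single mistaken denial (bob) or rejections spread over hours (carol) stay below the threshold.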

No matter the size or industry, data breaches can absolutely devastate an organization. In addition to the immediate impact on business operations, companies must contend with severe reputational damage and potential regulatory fines. This year’s standout example of the latter is SHEIN: the New York Attorney General’s Office fined the fashion retailer $1.9 million this year for a 2018 data breach incident in which hackers stole data pertaining to 6.42 million customers.

For more on the latest cybersecurity and threat trends — including a deep-dive into the inner workings of leading ransomware types — and plenty of actionable tips to keep you protected, read the full Acronis Cyberthreats Report: Year-end 2022 today.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.