Databack - Data recovery

2022 reports on cybercrime and ransomware

Several reports provide an overview of cybercrime and threat trends (ransomware, phishing…) for the year 2022. The study on cyber claims published by BESSÉ and Groupe Stelliant, and the report on cybersecurity incident response revealed by Wavestone, help prepare companies for 2023…

Trends in 2022: ransomware and phishing

Unsurprisingly, ransomware dominates the cybercrime landscape. Far ahead of other kinds of attack (DDoS, fraud, website or application compromise, data theft), it accounts for 89% of cyberattacks suffered by businesses (BESSÉ and Groupe Stelliant sample studied over the 2019-2021 interval).

Designed for extortion, ransomware disrupts information system (IS) activity and data availability through encryption. The attacks may be accompanied by data theft, with the threat of disclosure. The primary objective of ransomware is therefore to penetrate its targets’ information systems, exploiting every possible security loophole.

Phishing is the most widespread attack mechanism, ahead of brute-force attacks, web or IS vulnerabilities, account takeover or remote access. According to BESSÉ and Stelliant, these fraudulent e-mail or SMS campaigns aimed at recovering the target’s credentials account for 30% of attacks, and for 51% according to Wavestone (taking into account the use of valid accounts).

Cybercriminals and hackers: profiles, motivations and targeting

Unsurprisingly, cybercrime is also on the rise. In its IT threat panorama published in March 2022, the ANSSI (Agence nationale de la sécurité des systèmes d’information) reported 1,082 proven IS intrusions for 2021, compared with 786 in 2020. At the same time, cybercriminals and hackers are improving their capabilities and getting better organized.

The main motive for cyber attacks remains financial gain (51% according to Wavestone, in the form of extortion via ransomware or resale of stolen data), ahead of computer malice, destabilization and espionage. Three quarters of the attacks managed by Wavestone’s CERT-W (Computer Emergency Response Team) are opportunistic, targeting neither a particular type of organization nor a particular sector of activity.

According to Wavestone, cybercriminal groups are becoming increasingly organized and professionalized. In early 2022, the disclosure of documents from the Conti group revealed a structure similar to that of a company, with recruitment, training, purchasing and other functions. Providers of cybercriminal services (hosting, RaaS or Ransomware as a Service…) are developing accordingly.

Cybersecurity and cyber resilience for businesses

Developments in corporate cybersecurity are influencing the nature of the IT threat. Cyber-attacks are turning away from large companies that are investing in their IT protection. The result is a trend towards attacks of opportunity, aimed at the middle market (SMEs, mid-sized companies (ETIs), etc.) and the public sector (healthcare, education, etc.).

The BESSÉ and Stelliant study on cyber claims underlines the impact of cyber attacks on companies: business disruption, total or partial rebuilding of information systems, operating losses… According to the study, companies still largely underestimate the time it takes to get back up and running, and the costs generated by IT losses.

Companies therefore need to cultivate their cyber resilience by identifying their vital data and applications and by establishing a BCP/ERP and a communication plan. The Wavestone report reminds us of the need to combine innovative measures with the fundamentals of cybersecurity: backup and recovery strategies, third-party lifecycle management, strengthening cloud security, the need to invest (cyber-insurance, recourse to experts, etc.).

24 November 2022