Freely subscribe to our NEWSLETTER

“The trends and data we saw in 2022 showed that identity fraud—in the many different forms it can take—were a top concern for our customers,” said Ben Brigida, director, SOC operations at Expel. “However, we also observed a 70% increase in cloud incidents. Cybercriminals continue to evolve their tactics. We hope the Great eXpeltations report helps defenders stay on top of the attack trends that can impact their businesses, as well as minimise risk in the year ahead.”

Here are some highlights from the report:
• Identity threats: Business email compromise (BEC) remained the top threat to our customers, representing 50% of all incidents (consistent with findings from 2021). Fifty-three percent of all organisations experienced at least one BEC attempt.
• Cloud security: Cloud incidents increased 70% compared to 2021. Threat actors started moving away from authenticating via legacy protocols to bypass multi-factor authentication (MFA) in Microsoft 365. Instead, they adopted frameworks such as Evilginx2, facilitating adversary-in-the-middle (AiTM) phishing attacks to steal login credentials and session cookies for initial access and MFA bypass.
• Ransomware: 11% of incidents could have resulted in deployment of ransomware had we not intervened—a seven percentage point increase compared to 2021. As Microsoft continues making it easier for organisations to block macros in files downloaded from the internet, ransomware threat groups and their affiliates are abandoning their use of visual basic for application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. Instead, ransomware operators opt to use disk image (ISO), short-cut (LNK), and HTML application (HTA) files to gain initial entry.
• Phishing: 88% of malicious email submissions were credential harvesters. Credential theft via phishing continues to grow with identity the main focus of today’s attacks.