UPDATED 09:00 EST / SEPTEMBER 29 2022

Arctic Wolf: One third of all cyberattacks now involve business email compromise

A new report from security operations startup Arctic Wolf Networks Inc. finds a significant uptick in business email compromise attacks for the first half of this year.

Based on data analysis and insights from Arctic Wolf’s incident response unit Tetra Defense, BEC now accounts for over a third of all cases responded to, and the number of cases nearly doubled from the first to the second quarter. Industries such as finance and insurance, business services, legal and government all saw significant increases in this attack type.

Of the organizations struck by BEC, 80% did not have multifactor authentication in place before their incidents. The lack of MFA among victims is said in the report to highlight its importance in securing organizations. “With MFA in place, exploitation of compromised credentials becomes more challenging,” the report notes.

The report also found that the median ransomware demand from threat actor groups was $450,000 in the first half of the year, with the technology and shipping/logistics industries experiencing demands that were more than double the global median. The ransoms demanded from shipping and logistics are believed to be higher because these industries tend to have less organized networks and data structures and weaker backup practices.

By contrast, the healthcare, finance and insurance industries all had median ransom demands below the global average, despite accounting for more than 30% of the caseload. The report suggests that this is because these industries typically are more mature in their cyber hygiene practices thanks to very sensitive and valuable data, giving threat actors less leverage to demand a higher ransom.

Although the report says the human element is a common attack vector, most incidents are driven by the exploitation of unpatched vulnerabilities or remote access tools. Some 81% of incidents in the first half involved external exposure of either a known vulnerability on a victim’s network or a remote desktop protocol. Some 56% of incidents were due to vulnerabilities, while 25% were caused by external remote access.

Incidents tied to the ProxyShell and Log4j vulnerabilities continue to be twice as costly for organizations to respond to as a median incident.

“The first six months of 2022 were filled with unprecedented international geopolitical strife and economic uncertainty, but even with these global events, threat actors continued cybercrimes against organizations of all sizes,” the report concludes.
