Secureworks State of the Threat Report 2022: 52% of ransomware incidents over the past year started with compromise of unpatched remote services
Analysis of the cyber threat landscape from the Secureworks® Counter Threat Unit™ highlights key shifts in the tools and behaviors of adversaries across the world
ATLANTA, Oct. 4, 2022 /PRNewswire/ -- Secureworks® (NASDAQ: SCWX) published its annual State of the Threat Report today, revealing that the exploitation of remote services has become the primary initial access vector (IAV) in ransomware attacks over the past year, accounting for 52% of ransomware incidents analyzed by Secureworks over the period (overtaking credentials-based attacks from 2021). Alongside this, there has also been a 150% rise in the use of infostealers, making them a key precursor to ransomware. Both these factors keep ransomware the primary threat for organizations, which must fight to stay abreast of the demands of new vulnerability prioritization and patching.
The 2022 State of the Threat Report from Secureworks provides an overview of how the global cybersecurity threat landscape has evolved over the last 12 months, with a focus on the Secureworks Counter Threat Unit™ (CTU) first-hand observations of threat actor tooling and behaviors.
"We conduct thousands of incident response engagements every year. While ransomware remains the most prominent threat to businesses, we are tracking notable shifts in threat actor behaviors and their approach to campaigns. It's too simple to claim that ransomware as a service is slowing. Our research clearly shows a rise in Infostealer use and an evolution of tools and adversaries. The threat is changing, but it is not going away," states Barry Hensley, chief threat intelligence officer, Secureworks. "It's critical for organizations to stay ahead of the adversary with solutions that effectively prioritize risk, based on the most up-to-date intelligence. When businesses understand the nature of the threat, they can better focus resources and move quickly to optimize response."
Highlights from the Report Include:
- Shift to exploiting vulnerabilities as primary initial access vector (IAV) over credentials-based attacks
- Accelerated use of Infostealers as a means of enabling ransomware operations
- Insights into the changing groups and threats associated with the continued dominance of ransomware
- Changes and newcomers in the loader landscape
- Tools and tactics of hostile government-sponsored groups across the world
The Onward March of Ransomware
Ransomware remains the primary threat facing organizations, accounting for more than a quarter of all attacks. Despite a series of high-profile law enforcement interventions and public leaks, and a small slowdown over the summer months, ransomware operators have maintained high levels of activity.
The median detection window in 2022 is four and a half days, compared to five days in 2021. The mean dwell time in 2021 was 22 days but so far in 2022 is down at 11 days. Companies effectively have one working week to respond to and mitigate damage.
The number of victims listed on public "Name and Shame" sites continues to remain high with no year-over-year reduction. Despite some monthly fluctuations, the number of victims named in the first six months of 2022 is slightly higher at 1,307 than the 1,170 named in the first six months of 2021.
This year's Biggest Offenders based on Secureworks' incident response engagements are GOLD MYSTIC, GOLD BLAZER, GOLD MATADOR and GOLD HAWTHORNE. Notably, all of these groups are tied to Russia.
In some instances, adversaries are using the fear surrounding ransomware to carry out lower-tech crimes. Hack-and-leak operations, where data is stolen and a ransom is demanded but no ransomware is deployed, continued into 2022, with GOLD TOMAHAWK and GOLD RAINFOREST among the top culprits.
Vulnerabilities in Remote Services become the Biggest Issue
The 2022 State of the Threat Report from Secureworks also highlights that exploitation of vulnerabilities in internet-facing systems has become the most common initial access vector (IAV) observed. This is a change from 2021, when the dominant IAV was the use of stolen or guessed credentials.
As new vulnerabilities are discovered, developers of widely available offensive security tools used by threat actors are quick to incorporate them into their tools, often meaning that even less sophisticated threat actors are able to exploit new vulnerabilities before security teams can patch.
The Rise of Infostealers
CTU researchers have seen an increase in the sale of network access sourced from credentials acquired by information stealers. In a single day in June 2022, CTU™ researchers observed over 2.2 million credentials obtained by Infostealers available for sale on just one underground marketplace; last year this figure on the same market with respect to the same stealers was 878,429. That's an increase year on year of over 150%.
The three main stealer markets include: Genesis Market, Russian Market and 2easy. There is a plethora of stealers for sale on underground forums but some of the major ones include Redline, Vidar, Raccoon, Taurus, and AZORult.
Infostealers provide the means to quickly and easily obtain credentials that can be used for initial access, making them a major enabler of ransomware operations. Innovative distribution methods for Infostealers have included cloned websites and trojanized installers for messaging apps such as Signal.
A Change in the Loader Landscape
Between July 2021 and June 2022, two big names in the loader landscape disappeared (Trickbot and IcedID) and two returned (Emotet and Quakbot). This indicates that groups are moving away from the complex, fully featured botnets that evolved from the early banking trojans towards more lightweight loaders that are easier to develop and maintain – a trend that has only increased with the use of post-exploitation tools such as Cobalt Strike.
Understanding the Nation-state Threat
The Secureworks CTU has tracked several significant activities that can be attributed to nation-state sponsored threat groups, including their motivations, behaviors and tactics:
- China: Chinese government sponsored groups are some of the most prolific and well-resourced threats in cybersecurity. Over the course of the ongoing Russia/Ukraine conflict, observed threat activity from Chinese government sponsored groups has targeted both Russia and Ukraine. A notable behavior from these adversaries is the use of ransomware as a smokescreen for intellectual property theft and cyberespionage, rather than for financial gain.
- Russia: The war against Ukraine has been revealing for Russia's cyber capabilities. At the outset of the conflict there were wide fears of destructive attacks with wide scale repercussions as was seen with NotPetya in 2017. However, despite a steady cadence of cyber activity directed against Ukrainian targets, some of which is identifiably from Russian government-sponsored threat actors, no widely disruptive attacks have been successful. The most visible Russian threat group tracked by the CTU over the past year has been IRON TILDEN. This group is notable for spearphishing attacks conducted primarily against Ukraine but also against Latvia's parliament in April.
- Iran: Links of Iranian threat groups to government have become clearer over the past year. Ransomware continues to develop as a theme across Iranian threat group activity although often it appears with the purpose of disruption rather than financial gain. Over the past year Secureworks incident responders have investigated COBALT MIRAGE ransomware attacks against organisations in Israel, the US, Europe and Australia and the team was able to identify the individuals behind the group.
- North Korea: Multiple ransomware families have been linked to North Korea over the past 12 months, including TFlower, Maui, VHD Locker, PXJ, BEAF, ZZZZ, and ChiChi. The continued emergence and evolution of these ransomware families strongly suggests it is a stream of revenue that operators in the region will continue to pursue. Cryptocurrency and decentralized finance organizations have been a major focus of activity, and North Korean threat groups have reportedly stolen over $200 million USD from crypto exchanges since 2018.
State of the Threat 2022
The Secureworks CTU 2022 State of the Threat Report can be read in full here: https://www.secureworks.com/resources/rp-state-of-the-threat-2022
Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
Connect with Secureworks via Twitter, LinkedIn and Facebook and read the Secureworks Blog.
View original content: https://www.prnewswire.co.uk/news-releases/secureworks-state-of-the-threat-report-2022-52-of-ransomware-incidents-over-the-past-year-started-with-compromise-of-unpatched-remote-services-301639388.html