Positive Technologies on key cyberthreats of 2022: mass leaks, the surge of wipers, and cross-industry consequences

Positive Technologies specialists have analyzed the 2022 cybersecurity threatscape. The number of incidents increased by 21% compared to 2021. The main trends included an increase in the number of incidents targeting web resources, the emergence of wipers, and the increased cross-industry impact of attacks against IT companies.

Among organizations, the most common attack victims were government institutions (17%), medical facilities (9%), and industrial organizations (9%). In most cases, attackers used malware (54%), social engineering (43%), and exploited vulnerabilities (34%).

There was an increase in the number of successful cyberattacks targeting organizations' web resources. While companies' websites were compromised in 17% of cases in 2021, this percentage increased to 22% in 2022. Government agencies were hit the hardest: the number of incidents targeting these agencies' web resources more than doubled, and the share of such incidents increased from 23% to 41%. We expect such attacks to continue in 2023. They are particularly dangerous for companies providing online services and online payment options: attackers can embed malicious code into such companies' websites to intercept personal and payment data.

Encryption malware remains the most popular type of malware. In 2022, attackers incorporated such tools in every second successful attack on organizations. Typical consequences included disruption of core business (79%) and leakage of confidential information (55%). In 12% of incidents, companies suffered direct financial losses. Many cybergangs rewrote malware in cross-platform languages or created versions that target both Windows and Linux systems. The number of incidents involving wipers increased by 175% compared to the year before, making this malware a real trend of 2023.

Attackers' interest in cryptocurrency exchanges increased significantly in 2022, with the number of attacks on blockchain projects more than doubling compared to 2021. In 78% of the incidents, attackers managed to steal funds, with damages in some cases amounting to several hundred million dollars. Individuals often became victims of social engineering attacks: attackers spread messages on social networks and messengers about free giveaways of tokens and NFTs, and urged users to transfer funds with promises of a much greater return. Positive Technologies analysts believe that the number of attacks targeting cryptocurrency holders will increase in 2023.

Social engineering remains highly effective, accounting for 43% of successful attacks against organizations and 93% against individuals. Attackers actively used the phishing-as-a-service model in such attacks. Even low-skilled cybercriminals were able to conduct large-scale attacks in 2022 by using ready-made phishing kits.

The past year was dominated by large-scale data breaches: throughout 2022, Positive Technologies received reports about compromised data. Medical institutions were the most common source of data leaks: in 82% of incidents intruders managed to steal confidential information, mainly the personal data of clients of medical institutions. Scientific research and educational service providers were also targeted, with 67% of such organizations falling victim, followed by retailers (65%). Along with mass leaks, attacks aimed at bypassing multifactor authentication grew in popularity. This may lead to an increase in the number of incidents in 2023.

Throughout 2022, the number of incidents involving spyware rose steadily: in attacks on individuals, spyware was used in 43% of attacks. Attackers mostly spread spyware via phishing sites (42%) and email (20%).

Throughout 2022, the number of successful attacks targeting IT companies gradually increased, with the number of attacks in the fourth quarter nearly twice as high as in the first quarter. The most frequent incidents involved leaks of confidential information (63% of the total number of incidents), followed by the disruption of core business (35% of cases), and the use of company resources to conduct attacks (13% of cases). Attacks affected such major organizations as Globant, Microsoft, NVIDIA, and Samsung. Attacks on IT companies had cross-industry consequences, not only through subsequent hacking of customer infrastructure, but also by disrupting customer business processes. For example, services of some medical and government institutions were unavailable because of an attack on an IT solutions provider.

Positive Technologies Information Security Analyst Ekaterina Semykina commented: "We expect the number of attacks targeting IT companies to continue to grow in 2023. This may affect customers of such organizations and lead to non-tolerable consequences for other industries. Developers of IT solutions must verify the feasibility of non-tolerable events. We strongly recommend that developers regularly analyze their code for security and check the third-party open-source libraries used in development."

The full version of this study is available on the Positive Technologies website.