Ransomware damages to exceed $30 billion by 2023

Acronis, a global provider of cyber security, has released its mid-year cyberthreats report, which was conducted by Acronis’ Cyber Protection Operation Centers to provide an in-depth review of the cyber threat trends being tracked by the company’s experts.

The report explains how ransomware remains the top threat to large and medium-sized businesses, including government organizations, and how over-complexity in IT and infrastructure leads to increased attacks. During the first half of 2022, nearly half of all reported breaches involved stolen credentials, which enable phishing and ransomware campaigns. The findings highlight the need for more comprehensive approaches to cybersecurity.

Cybercriminals’ preferred infection vectors for obtaining credentials and other sensitive information are phishing and malicious emails. Almost one-quarter (26.5%) of all emails were delivered to the user’s inbox (not blocked by Microsoft365) and then removed by Acronis email security.

Furthermore, the study demonstrates how cybercriminals use malware and unpatched software vulnerabilities to extract data and hold organizations hostage. The proliferation of attacks on non-traditional entry points further complicates the cybersecurity threat landscape. Attackers have recently prioritized cryptocurrencies and decentralized financial systems. Successful breaches via these various paths have resulted in billions of dollars in losses and terabytes of exposed data.

These attacks are possible due to IT overcomplexity, a widespread issue in businesses where many tech leaders believe that adding more vendors and programs leads to improved security when the opposite is true. Increased complexity exposes potential attackers to more surface area and gaps, leaving organizations vulnerable to potentially devastating damage.

“Today’s cyberthreats are constantly evolving and evading traditional security measures,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organizations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions.”

Critical data points reveal a complex threat landscape

As reliance on the cloud grows, attackers have focused on various entry points to cloud-based networks. Cybercriminals have increased their focus on Linux operating systems, managed service providers (MSPs), and their network of small and medium-sized businesses (SMBs). The threat landscape is changing, and businesses must adapt.

Ransomware is worsening, even more so than we predicted. 

• Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage. 
• The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole. 
• Lapsus$ stole 1 TB of data and leaked the credentials of over 70,000 NVIDIA users. The same gang also stole 30 GB worth of T-Mobile’s source code. 
• The U.S. Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti.

The use of phishing, malicious emails and websites, and malware continues to grow.

• Six hundred malicious email campaigns made their way across the internet in the first half of 2022. 
• 58% of the emails were phishing attempts.
• Another 28% of those emails featured malware.
• The business world is increasingly distributed, and in Q2 2022, an average of 8.3% of endpoints tried to access malicious URLs.

More cyber criminals are focusing on cryptocurrencies and decentralized finance (DeFi) platforms. By exploiting flaws in smart contracts or stealing recovery phrases and passwords with malware or phishing attempts, hackers have wormed their way into crypto wallets and exchanges alike. 

• Cyberattacks have contributed to a loss of more than $60 billion in DeFi currency since 2012.
• $44 billion of that vanished during the last 12 months. 

Another common infection vector is unpatched vulnerabilities in exposed services—just ask Kaseya. To that end, companies such as Microsoft, Google, and Adobe have prioritized software patches and transparency regarding publicly reported vulnerabilities. These patches are likely to have contributed to the monthly average of 79 new exploits. Unpatched vulnerabilities also contribute to how overcomplexity harms rather than helps businesses, as all of these flaws serve as additional points of failure.

Breaches leave financial, and SLA distress in their wake

Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company’s reputation and customer experience. 

• In 2021 alone, the FBI attributed a total loss of $2.4 billion to business email compromise (BEC). 
• Cyberattacks caused more than one-third (36%) of downtime in 2021.

The current threat landscape necessitates a multi-layered solution that integrates anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities. The integration of these various components increases a company’s chances of avoiding cyberattacks, mitigating the damage of successful attacks, and retaining data that may have been altered or stolen during the process.