Report

2022 BrightCloud® Threat Report: The year of innovation for cybercrime

2022 BrightCloud® Threat Report: The year of innovation for cybercrime

Show first post

114 replies

Userlevel 3

Incredible how many people get hit more than once. Just goes to show that how we bad you think the issues are, the reality day to day is far worse. 

Userlevel 3
Badge

The fact that less 44% of victims are small business but ransom payments are up double from previous year means small medium businesses are proving an increasingly reliable soft target for attackers. This is particularly salient for those of us who support this sector indicating we need to continue upping our efforts to improve security and awareness and get small businesses to put protection and backup higher on their agenda!

Userlevel 3

The Middle East, Asia, and Africa were the regions with the highest percentage of infections. We should look into decrease percentage of infections 

Userlevel 1
Badge +1

Interesting stat:

The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.

 

Most of the time they just don’t have the manpower, funds or willingness to strengthen their cyber posture.

Userlevel 6
Badge +1

There were so many interesting stats in this article that I feel would shock most people. One thing I found interesting was the number of stats relating to malicious links and sites that had the US either at the top or highly ranked as an offender. I was initially shocked by the number amount of machines infected multiple times, but then I thought back to a ransomware incident we assisted with that had a special infection that would come back if a machine was not wiped a very specific way. Overall this was a great report which was certainly worth taking the time to read. 

Userlevel 7
Badge +5

Very concerning to see almost half of ransomware attacks were at companies with <100 employees.

Userlevel 7
Badge +22

I feel kind of glad that Apple is the most impersonated, it might help some of the blind faith people seem to have in Apple always being perfect, but it’s a shame people have to be fleeced first before they’ll learn.

Apple bring impersonated is not where that blind faith lies with Apple users. It’s their belief that Apple products are not susceptible to attack. These are two very different things. 
 

But I’m rather disappointed at the number of responses here that are seemingly  taking joy in what they mistakenly perceive as attacks on Apple products.  Seriously, is your anti-Apple sentiment so strong that you find joy in people being deceived or attacked?  I find that more sad than the attack itself. I thought we were supposed to be professional people here. This is very disappointing and makes me wonder if you are truly protecting your Apple customers. 

Userlevel 7
Badge +22

always hover!

You can not believe how often I have to repeat this. Examine that link and if it does not look like it goes where it should, do not click it. 
 

Makes me wonder if a new Webroot WSA add on  could be a sandboxed browser? I know they are not fool proof, but could be another layer of protection for people, especially those who just click links without thinking. 

Userlevel 7
Badge +22

“This year, 86.3% of malware was unique to one PC.”  I am not sure I understood this statement. What exactly does this mean? That just one person had all the malware on their single machine? Seems like that is not really a problem, so obviously I do not understand the meaning of this line. 
 

I understand it as “86,3% of malware identified on any pc were unique to the pc where they were identified”. Meaning that malware are shapeshifting and so unlikely to be detected by signature or file hash.

What i take from reports like this one, is that security awareness and knowing when (not if) someone is poking at your things are key elements to security. The good old “better safe than sorry”.

Thank you. That makes a lot more sense. My brain just did not go there. 
 

Cheers

Userlevel 5
Badge +1

I am looking forward to the webinar.

Userlevel 3

Education is so key as having the awareness will never go out of date whereas the technical aspects of prevention need constantly reviewing and updating.

Userlevel 3

I feel kind of glad that Apple is the most impersonated, it might help some of the blind faith people seem to have in Apple always being perfect, but it’s a shame people have to be fleeced first before they’ll learn.

Userlevel 5
Badge +19

always hover!

Userlevel 3

It’s a bit sad, but not surprising, the percentage of people who get re-infected again and again, I find that the worst of our customers seem incapable of learning from their mistakes!

Userlevel 3

With cryptocurrencies becoming more valuable and popular, some attackers are running scams to steal cryptocurrency itself.

 

No surprise there. There are also attacks to use the resources of the victims to mine crypto.

Userlevel 6
Badge +4

I am surprised that awareness is still taken lightly.
In the corporate structure, the weak link is always the human factor.

I can honestly not agree more with you. Like they say, disaster is always a WHEN it will happen, and never an IF, this “mentality: and pattern of thinking needs to be adopted across all aspects, including areas such as Security Awareness Training. World backup day ha been a very short few days ago, yet it is more than just a world backup day, as backups is always your last line of defense, not your first line and your defense barrier. Data is the single most important asset of any company, as such, every end-user, from the Janitor to the CEO that have access to this data, needs to be educated and trained in Security Awareness. 

Userlevel 2

Interesting to read that the smaller companies are starting to be hit more and the home user. 

Userlevel 6
Badge +4

SMB are the main target of attacks. As they normally do not have the massive budgets to protect against all the bad actors, neither do they really see the reason for things such as SAT (Security Awareness Training) As such, more and more people fall victim especially in the URL side of business. Africa being on the list is no surprise to me at all, as so may of people here simply click before they think of what the link can contain. As such, this report for me is almost a true reflection of what we see and deal with on a daily base across a large number o four customers. Fortunately, we have the larger majority of the customers we look after on Webroot. Security on all areas needs to form part of the protection plans for our customers, and we need to evolve and learn to think and get trained in the new generation of Star Wars in the cyber world where we live in, especially with the 4th industrial revolution we are living in, where everything is now becoming more and more digital and online, we need to be extra careful and more on the alert against bad actors and the schemes they adopt to. 

Userlevel 4

Very interesting - 53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

Userlevel 4

“This year, 86.3% of malware was unique to one PC.”  I am not sure I understood this statement. What exactly does this mean? That just one person had all the malware on their single machine? Seems like that is not really a problem, so obviously I do not understand the meaning of this line. 
 

I understand it as “86,3% of malware identified on any pc were unique to the pc where they were identified”. Meaning that malware are shapeshifting and so unlikely to be detected by signature or file hash.

What i take from reports like this one, is that security awareness and knowing when (not if) someone is poking at your things are key elements to security. The good old “better safe than sorry”.

Userlevel 3

53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

 

More then half are infected but a staggering 19% multiple times ….

In dutch we have a saying “een ezel stoot zich geen twee keer aan dezelfde steen”

Literally: a donkey doesn’t bump against the same stone twice. The meaning is that it would be very stupid to make twice the same mistake. 

Guess there are a lot of donkeys outthere :)

 

Userlevel 4

Wow 53% of consumers were infected more than once and 19% were infected  5 times

Userlevel 6
Badge +6

I was really surprised at the figures of Apple (13.0%), Facebook (12.1%), YouTube (11.8%), Microsoft (9.1%) and Google (9.1%) - I have always just assumed that Microsoft and Facebook would have been the top to be impersonated, but clearly there is a shift towards Apple these days!

Userlevel 4

I am surprised that awareness is still taken lightly.
In the corporate structure, the weak link is always the human factor.

Userlevel 5
Badge +5

53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

Are there similar numbers for people who fell for phishing once falling for it again?

Reply