Sticky Report

2022 BrightCloud® Threat Report: The year of innovation for cybercrime

  • 28 March 2022
  • 90 replies
  • 2895 views
2022 BrightCloud® Threat Report: The year of innovation for cybercrime
Userlevel 7
Badge +20
  • Sr. Security Analyst & Community Manager
  • 541 replies

Our latest BrightCloud®️ Threat Report is finally here! This year, our findings show us that cybercriminals are improving their efforts to evade detection. 2021 was the year where everything security-related that could go wrong did go wrong. We witnessed unprecedented attacks on the supply chain around the world. Despite American and Russian coordinated efforts to take down Emotet, REvil, and Conti, cybercriminals found avenues to resurrect themselves and carry out their lethal efforts.

The normalization of remote and hybrid work continued to shift the way bad actors pursue lucrative avenues for exploitation. We also witnessed cybercriminals strategically releasing their executed attacks during specific times of the year.

Our report is full of great insights. Some key findings include:

  • The Middle East, Asia, and Africa were the regions with the highest percentage of infections.
  • 53% of consumer PCs were infected more than once, and 19% infected more than 5 times.
  • Apple was most often impersonated company in phishing attacks.
  • Of all the places where malware could hide on business PCs, it uses %temp% more than half the time.

“With the introduction of Windows 11, bad actors won’t think twice about engaging in new and dangerous exploits that leverage new features not previously available.”

- Grayson Milbourne | Security Intelligence Director

  • During 2021, 82% of ransomware attacks targeted organizations with less than 1,000 employees. The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.
  • The year-end average for ransomware payments in 2021 more than doubled the 2020 average, hitting $322,168.

By combining layers, like inspecting all incoming emails, keeping PCs fully patched, using antivirus software and endpoint protection tools on all PCs and educating users on how to avoid phishing attacks and other forms of social engineering, you can make it less likely that attacks will succeed.

  • In 2021, we discovered over 4 million new high-risk URLs in 2021, almost 66% of them involved in phishing.
  • Bad actors like to time their phishing attacks. In the month of May alone, we witnessed a 770% increase in phishing activity.

To thwart these types of phishing attacks, users need to be trained to recognize shortened URLs and to find out where they redirect before clicking on them.

Last year was marked by innovation across the threat landscape. In this year’s full report, we delve into the developments affecting businesses large and small.

Download the report and discover for yourself our complete analysis and predictions powered by our BrightCloud®️ Threat Intelligence.

Be sure to sign up for our Webinar to learn more and win prizes

 


90 replies

Userlevel 7
Badge +20

Come tell us your favorite takeaway from this report and be entered in a raffle to win this prize Lego X-Wing at the end of the month! See all details in this community contest post

 

 

 

Userlevel 7
Badge +4

Surprised to hear that The Middle East, Asia, and Africa were the regions with the highest infections. Would have thought Europe!

Userlevel 3

In a bad way good to see that Apple get some attention from the bad people. It is gaining marketshare.

Userlevel 3
Badge +2

“53% of consumer PCs were infected more than once, and 19% infected more than 5 times”

 

More. Than. 5. Times.  This just blows my mind.  Some people just never learn.

Userlevel 4

“53% of consumer PCs were infected more than once, and 19% infected more than 5 times”

 

More. Than. 5. Times.  This just blows my mind.  Some people just never learn.



I have to agree with this one, that is crazy. I’m surprised and also not at all...​​​​

Educate your users. Not to be overlooked!

Userlevel 7
Badge +22

Come tell us your favorite takeaway from this report and be entered in a raffle to win this prize Lego X-Wing at the end of the month! See all details in this community contest post

 

 

I recognize that prize. Hopefully it will go to someone who really wants to win it. 🙂 Thanks for running contests again. It was a lot of fun last time! 

“This year, 86.3% of malware was unique to one PC.”  I am not sure I understood this statement. What exactly does this mean? That just one person had all the malware on their single machine? Seems like that is not really a problem, so obviously I do not understand the meaning of this line. 

53% of consumer PCs were infected more than once...”  This fact really bothered me. It seems once infected, one would take some steps to prevent it from happening again. That seems to not be the case. How can we better educate people? 

Userlevel 7
Badge +22

In a bad way good to see that Apple get some attention from the bad people. It is gaining marketshare.

Explain what you mean please. From what I read, Apple was basically a target of impersonation, and a ransomware target. I did not read that Apple machines were being targeted. Did I miss something?  Thanks.

Userlevel 7
Badge +63

Always on top of it and will be watching 

Brightcloud 2022 Threat Report Webinar!

Userlevel 4

I liked the final statement - “Adopting cyber resilience allows you to prepare and recover from attacks. Through a defense in depth approach, you can act more quickly to thwart malicious threats from spreading, minimize the likelihood of a major data breach and restore your operations. Only through cyber resilience can we truly make progress in our fight against cybercrime.”

 

Userlevel 3

Interesting stat:

The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.

Userlevel 7
Badge +54

1 paragraph stands out to me as regards Ransomware


“As a result, many organizations are shifting from relying on cyber insurance policies to increasing the strength of their layered defenses in order to be more resilient against ransomware attacks.”

 

A layered defence has been for years been thought to be the best approach and yet it appears that some industries have been slow to toughen their systems up despite the warnings over the years about the threats.

Userlevel 2

“By combining layers, like inspecting all incoming emails for malware, keeping PCs fully patched, using antivirus software and endpoint protection tools on all PCs and educating users on how to avoid phishing attacks and other forms of social engineering, you can make it less likely that attacks will succeed.”

I strongly agree with this part. With a layered approach and proper user training, it is possible to drastically reduce the chance of attacks being successful.

 

Userlevel 4

“Apple was most often impersonated company in phishing attacks.”

I’m honestly not surprised there, the amount of phishing emails I get from ‘Apple’ never ceases to amaze me :D


 

Userlevel 5
Badge +5

53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

Are there similar numbers for people who fell for phishing once falling for it again?

Userlevel 4

I am surprised that awareness is still taken lightly.
In the corporate structure, the weak link is always the human factor.

Userlevel 5
Badge +4

I was really surprised at the figures of Apple (13.0%), Facebook (12.1%), YouTube (11.8%), Microsoft (9.1%) and Google (9.1%) - I have always just assumed that Microsoft and Facebook would have been the top to be impersonated, but clearly there is a shift towards Apple these days!

Userlevel 4

Wow 53% of consumers were infected more than once and 19% were infected  5 times

Userlevel 2

53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

 

More then half are infected but a staggering 19% multiple times ….

In dutch we have a saying “een ezel stoot zich geen twee keer aan dezelfde steen”

Literally: a donkey doesn’t bump against the same stone twice. The meaning is that it would be very stupid to make twice the same mistake. 

Guess there are a lot of donkeys outthere :)

 

Userlevel 3

“This year, 86.3% of malware was unique to one PC.”  I am not sure I understood this statement. What exactly does this mean? That just one person had all the malware on their single machine? Seems like that is not really a problem, so obviously I do not understand the meaning of this line. 
 

I understand it as “86,3% of malware identified on any pc were unique to the pc where they were identified”. Meaning that malware are shapeshifting and so unlikely to be detected by signature or file hash.

What i take from reports like this one, is that security awareness and knowing when (not if) someone is poking at your things are key elements to security. The good old “better safe than sorry”.

Userlevel 4

Very interesting - 53% of consumer PCs were infected more than once, and 19% infected more than 5 times.

Userlevel 4

SMB are the main target of attacks. As they normally do not have the massive budgets to protect against all the bad actors, neither do they really see the reason for things such as SAT (Security Awareness Training) As such, more and more people fall victim especially in the URL side of business. Africa being on the list is no surprise to me at all, as so may of people here simply click before they think of what the link can contain. As such, this report for me is almost a true reflection of what we see and deal with on a daily base across a large number o four customers. Fortunately, we have the larger majority of the customers we look after on Webroot. Security on all areas needs to form part of the protection plans for our customers, and we need to evolve and learn to think and get trained in the new generation of Star Wars in the cyber world where we live in, especially with the 4th industrial revolution we are living in, where everything is now becoming more and more digital and online, we need to be extra careful and more on the alert against bad actors and the schemes they adopt to. 

Userlevel 2

Interesting to read that the smaller companies are starting to be hit more and the home user. 

Userlevel 4

I am surprised that awareness is still taken lightly.
In the corporate structure, the weak link is always the human factor.

I can honestly not agree more with you. Like they say, disaster is always a WHEN it will happen, and never an IF, this “mentality: and pattern of thinking needs to be adopted across all aspects, including areas such as Security Awareness Training. World backup day ha been a very short few days ago, yet it is more than just a world backup day, as backups is always your last line of defense, not your first line and your defense barrier. Data is the single most important asset of any company, as such, every end-user, from the Janitor to the CEO that have access to this data, needs to be educated and trained in Security Awareness. 

Userlevel 3

With cryptocurrencies becoming more valuable and popular, some attackers are running scams to steal cryptocurrency itself.

 

No surprise there. There are also attacks to use the resources of the victims to mine crypto.

Reply