2022 BrightCloud® Threat Report: The year of innovation for cybercrime

Sr. Security Analyst & Community Manager

Our latest BrightCloud®️ Threat Report is finally here! This year, our findings show us that cybercriminals are improving their efforts to evade detection. 2021 was the year where everything security-related that could go wrong did go wrong. We witnessed unprecedented attacks on the supply chain around the world. Despite American and Russian coordinated efforts to take down Emotet, REvil, and Conti, cybercriminals found avenues to resurrect themselves and carry out their lethal efforts.

The normalization of remote and hybrid work continued to shift the way bad actors pursue lucrative avenues for exploitation. We also witnessed cybercriminals strategically releasing their executed attacks during specific times of the year.

Our report is full of great insights. Some key findings include:

  • The Middle East, Asia, and Africa were the regions with the highest percentage of infections.
  • 53% of consumer PCs were infected more than once, and 19% infected more than 5 times.
  • Apple was the most often impersonated company in phishing attacks.
  • Of all the places where malware could hide on business PCs, it uses %temp% more than half the time.

“With the introduction of Windows 11, bad actors won’t think twice about engaging in new and dangerous exploits that leverage new features not previously available.”

- Grayson Milbourne | Security Intelligence Director

  • During 2021, 82% of ransomware attacks targeted organizations with less than 1,000 employees. The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.
  • The year-end average for ransomware payments in 2021 more than doubled the 2020 average, hitting $322,168.

By combining layers, like inspecting all incoming emails, keeping PCs fully patched, using antivirus software and endpoint protection tools on all PCs and educating users on how to avoid phishing attacks and other forms of social engineering, you can make it less likely that attacks will succeed.

  • In 2021, we discovered over 4 million new high-risk URLs, almost 66% of them involved in phishing.
  • Bad actors like to time their phishing attacks. In the month of May alone, we witnessed a 770% increase in phishing activity.

To thwart these types of phishing attacks, users need to be trained to recognize shortened URLs and to find out where they redirect before clicking on them.

Last year was marked by innovation across the threat landscape. In this year’s full report, we delve into the developments affecting businesses large and small.

Download the report and discover for yourself our complete analysis and predictions powered by our BrightCloud®️ Threat Intelligence.

Be sure to sign up for our Webinar to learn more and win prizes

 



Userlevel 4

It’s a bit sad, but not surprising, the percentage of people who get re-infected again and again. I find that the worst of our customers seem incapable of learning from their mistakes!

Userlevel 5

Always hover!

Userlevel 3

I feel kind of glad that Apple is the most impersonated, it might help some of the blind faith people seem to have in Apple always being perfect, but it’s a shame people have to be fleeced first before they’ll learn.

Userlevel 4

Education is so key as having the awareness will never go out of date whereas the technical aspects of prevention need constantly reviewing and updating.

Userlevel 6

I am looking forward to the webinar.

Userlevel 7

“This year, 86.3% of malware was unique to one PC.”  I am not sure I understood this statement. What exactly does this mean? That just one person had all the malware on their single machine? Seems like that is not really a problem, so obviously I do not understand the meaning of this line. 
 

I understand it as “86,3% of malware identified on any PC were unique to the PC where they were identified”. Meaning that malware are shapeshifting and so unlikely to be detected by signature or file hash.

What I take from reports like this one is that security awareness and knowing when (not if) someone is poking at your things are key elements to security. The good old “better safe than sorry”.

Thank you. That makes a lot more sense. My brain just did not go there. 
 

Cheers

Userlevel 7

Always hover!

You can not believe how often I have to repeat this. Examine that link and if it does not look like it goes where it should, do not click it. 
 

Makes me wonder if a new Webroot WSA add-on could be a sandboxed browser? I know they are not foolproof, but could be another layer of protection for people, especially those who just click links without thinking.

Userlevel 7

I feel kind of glad that Apple is the most impersonated, it might help some of the blind faith people seem to have in Apple always being perfect, but it’s a shame people have to be fleeced first before they’ll learn.

Apple being impersonated is not where that blind faith lies with Apple users. It’s their belief that Apple products are not susceptible to attack. These are two very different things.

But I’m rather disappointed at the number of responses here that are seemingly taking joy in what they mistakenly perceive as attacks on Apple products. Seriously, is your anti-Apple sentiment so strong that you find joy in people being deceived or attacked? I find that more sad than the attack itself. I thought we were supposed to be professional people here. This is very disappointing and makes me wonder if you are truly protecting your Apple customers.

Userlevel 7

Very concerning to see almost half of ransomware attacks were at companies with <100 employees.

Userlevel 6

There were so many interesting stats in this article that I feel would shock most people. One thing I found interesting was the number of stats relating to malicious links and sites that had the US either at the top or highly ranked as an offender. I was initially shocked by the number of machines infected multiple times, but then I thought back to a ransomware incident we assisted with that had a special infection that would come back if a machine was not wiped a very specific way. Overall this was a great report which was certainly worth taking the time to read.

Userlevel 1

Interesting stat:

The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.

 

Most of the time they just don’t have the manpower, funds or willingness to strengthen their cyber posture.

Userlevel 3

The Middle East, Asia, and Africa were the regions with the highest percentage of infections. We should look into decreasing the percentage of infections.

Userlevel 3

The fact that less 44% of victims are small business but ransom payments are up double from previous year means small medium businesses are proving an increasingly reliable soft target for attackers. This is particularly salient for those of us who support this sector indicating we need to continue upping our efforts to improve security and awareness and get small businesses to put protection and backup higher on their agenda!

Userlevel 3

Incredible how many people get hit more than once. Just goes to show that however bad you think the issues are, the reality day to day is far worse.

Userlevel 7

“53% of consumer PCs were infected more than once”

 

What fresh hell is this?! I find it alarming from reading this the sheer volume of people that this happens to. You would think by now that people would be more vigilant, this is genuinely frightening. 

Userlevel 5

Many small businesses tend to make “easy” targets through a perfect storm of denial that they are likely targets, pseudo-MSPs who don’t provide truly comprehensive security, training issues, and a butt-load of cash. With older “family” staff that is ripe for phishing makes it difficult to protect some of these clients.

Userlevel 4

“With the introduction of Windows 11, bad actors won’t think twice about engaging in new and dangerous exploits that leverage new features not previously available.”

 

Just when you thought it was safe to release a new OS. I'm personally not planning on migrating to it anytime soon, as well as our clients.

Userlevel 6

The one fact that stood out to me the most was “Bad actors like to time their phishing attacks. In the month of May alone, we witnessed a 770% increase in phishing activity.”  I have to wonder why May? 

I firmly believe all users should have regular Security Awareness Training. It is well worth the investment.

Userlevel 3

“This year, 86.3% of malware was unique to one PC”

I couldn’t believe this, this is shocking, the world needs to realize and protect itself.

Userlevel 4

It’s good to see that the overall infection rates are on the decline. But it’s still surprising to see how much Windows 7 and related exposure is still out there. Having the numbers to see the rising cost of ransomware and the effectiveness of phishing shows that we have a long way to go. Thanks for providing the stats with this comprehensive report and explaining things in the webinar too!

Userlevel 3
  • During 2021, 82% of ransomware attacks targeted organizations with less than 1,000 employees. The smallest organizations, with 100 employees or less, comprised 44% of ransomware victims.

WOW!

82%!!! Huge number!

Userlevel 7

That webinar yesterday was really good! Thank you for doing that.

Alarmed to see how many Windows 7 computers are still out there and also how high the percentage of infections for small businesses is.

Userlevel 4

With this I think we can see where awareness and training are taken (a little more) seriously.

Userlevel 3

With Digital currency threats are almost certain when using currency

 

82% for small businesses with less than 1000 employees is very high but it makes sense when it comes to a small number of users

Userlevel 5

I’m really surprised at all the details in this. I definitely would expect larger companies to be targeted more often. In hindsight it makes sense because the smaller ones likely don’t have the resources or training to deal with threats. I also can’t believe how high the average payout is, over 300k is so much!
