Microsoft Exchange and Log4j continue to be top points of compromise
Arctic Wolf, a global specialist in security operations, has published its annual Arctic Wolf Labs Threat Report.
Insights from the report reveal a year of turbulence within the threat actor community as Russia's invasion of Ukraine disrupted the operations of top ransomware groups, a lack of multi-factor authentication (MFA) drove business email compromise attacks, and the long tail of Log4Shell and ProxyShell continues to be exploited en masse more than a year after their initial disclosure.
Created with global threat, malware, digital forensics, and incident response case data that Arctic Wolf collects across the entire security operations framework, the Arctic Wolf Labs Threat Report explores Arctic Wolf's deep and differentiated view into the cybercrime ecosystem, highlights key threat trends and research from 2022, and makes insightful predictions and strategic cybersecurity recommendations for the year ahead.
Findings of note from the Arctic Wolf Labs Threat Report include the following:
- Business Email Compromise (BEC) attacks accounted for over a quarter (29%) of Arctic Wolf's incident response cases last year, with the majority (58%) of victim organisations failing to have multi-factor authentication (MFA) enabled.
- Russia's invasion of Ukraine significantly disrupted the activity of threat actor groups in both countries and influenced a 26% year-over-year decline in observed ransomware cases globally.
- LockBit established itself as the dominant ransomware group, with the e-crime organisation having 248% more victims than BlackCat (ALPHV), the second most active group.
- Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for Arctic Wolf's incident response cases.
Daniel Thanos, Vice-president and Head, Arctic Wolf Labs, comments, "Arctic Wolf's global scale and expansive solution set provide Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models, but also allow us to publish truly novel threat research to the security community-at-large.
"We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape so that they can best defend their most valuable assets from cyberattacks.
"Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defences, which means that organisations need to advance their threat protection beyond the basics to secure their data."
Arctic Wolf Labs brings together Arctic Wolf's security researchers, data scientists, and security development engineers with a unified goal to help end cyber risk for organisations around the globe, the company states.
Leveraging the more than three trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyses each week, Arctic Wolf Labs is responsible for delivering threat research on new and emerging adversaries. The company is also focused on leveraging machine learning and artificial intelligence to create advanced threat detection models that drive continuous improvement in the speed, scale, and detection efficacy of Arctic Wolf's security operations solutions.
Arctic Wolf enables customers to manage their cyber risk in the face of modern cyber attacks via a premier cloud-native security operations platform.