A new report from security operations startup Arctic Wolf Networks Inc. finds a significant uptick in business email compromise attacks for the first half of this year.
Based on data analysis and insights from Arctic Wolf’s incident response unit Tetra Defense, BEC now accounts for over a third of all cases responded to, and the number of cases nearly doubled from the first to the second quarter. Industries such as finance and insurance, business services, legal and government all saw significant increases in this attack type.
Of the organizations struck by a BEC attack, 80% did not have multifactor authentication in place before their incidents. The report says the lack of MFA among victims highlights its importance in securing organizations. “With MFA in place, exploitation of compromised credentials becomes more challenging,” the report notes.
The report also found that the median ransomware demand from threat actor groups was $450,000 in the first half of the year, with the technology and shipping/logistics industries experiencing demands that were more than double the global median. The ransoms demanded from shipping and logistics are believed to be higher because these industries tend to have less organized networks and data structures and weaker backup practices.
By contrast, the healthcare, finance and insurance industries all had median ransom demands below the global average, despite accounting for more than 30% of the caseload. The report suggests that this is because these industries typically are more mature in their cyber hygiene practices thanks to very sensitive and valuable data, giving threat actors less leverage to demand a higher ransom.
Although the report says the human element is a common attack vector, most incidents are driven by the exploitation of unpatched vulnerabilities or remote access tools. Some 81% of incidents in the first half involved external exposure of either a known vulnerability on a victim’s network or a remote desktop protocol. Some 56% of incidents were due to vulnerabilities, while 25% were caused by external remote access.
“The first six months of 2022 were filled with unprecedented international geopolitical strife and economic uncertainty, but even with these global events, threat actors continued cybercrimes against organizations of all sizes,” the report concludes.