Threats from phishing and malicious emails have increased by 60 percent, and the average cost of a data breach is expected to reach $5 million by 2023, according to Acronis, a global leader in cyber protection.
In its latest Cyber Threats and Trends Report for the Second Half of 2022, Acronis found that the use of phishing and MFA fatigue attacks, an extremely effective method for high-profile breaches, is increasing.
As the digital ecosystem in the Middle East continues to evolve, a solid cybersecurity strategy remains a top priority as data breaches intensify.
KSA breach to hit $7 million
Reported breaches in Saudi Arabia, for example, could average $7 million, as the country continues to report one in five attacks as ransomware, according to security analysts.
With the average cost of a ransomware attack increasing every year, factors such as weak credentials, phishing emails, and unpatched vulnerabilities remain the top cyberattack vectors.
In the UAE, targeted organizations lost more than $1.4 million to ransomware, forcing the closure of more than 40% of affected companies. Following this worrying trend, the UAE Cyber Security Council announced the adoption of stringent cyber security standards to protect the country’s digital space.
Social engineering attack
The research team that authored the report also found that social engineering attacks have spiked in the past four months, accounting for 3 percent of all attacks. Compromised or stolen credentials make it easy for attackers to carry out cyberattacks and ransomware campaigns, and are responsible for nearly half of all reported breaches in the first half of 2022.
“The past few months have proven to be as complex as ever – new threats continue to emerge and malicious actors continue to use the same proven playbooks to reap big rewards,” said Candid Wüest, vice president of research at Acronis Cyber Protection. “In the new year, as organizations seek to reduce phishing and other hacking attacks, organizations must prioritize all-encompassing solutions. Adversaries are evolving to use some of the tools we rely on to protect employees and businesses from us, such as MFA.”
The sixth most densely populated region in the world, South Africa saw a surge in cybercrime victims from 14.1 victims per million internet users in 2019 to 50.8 victims in 2020. Recently, the country enacted a cybersecurity law that clearly defines cybercrime so that it can be effectively regulated and prosecuted.
Kenya and Nigeria
In Kenya and Nigeria, financial phishing attempts increased significantly in the first and second quarters of 2022, as banks, online payment systems, and e-commerce sites were targeted. In Kenya, more than 100,000 financial phishing attacks were detected—a 201% increase compared to Q1; and Nigeria reported more than 61,000 financial phishing attacks, a 79% increase compared to Q1.
The threat landscape faces new challenges
As security policies and the technologies associated with them continue to evolve, so do the threat actors seeking to break into organizations and their ecosystems. The steady stream of ransomware, phishing, and unpatched vulnerabilities shows how important it is for businesses to re-evaluate their security strategies.
Ransomware continues to fester:
● Ransomware remains the number one threat to businesses and enterprises, including organizations in government, healthcare and other sectors.
● Ransomware gangs have been adding 200-300 new victims to their consolidated lists every month for the second half of this year.
● The ransomware operator market is dominated by 4-5 players. As of the end of the third quarter, the total number of compromised targets announced by major operators in 2022 is as follows:
o LockBit – 1157
o Hive – 192
o BlackCat – 177
o Black Basta – 89
● 576 people publicly mentioned ransomware compromises in the third quarter, a slight increase from the second quarter.
● The number of ransomware incidents declined slightly in the third quarter after peaking in the summer. From July to August, Acronis saw a 49 percent increase in blocked ransomware attacks worldwide, followed by declines of 12.9 percent in September and 4.1 percent in October.
● There has been a shift toward more data breaches as key players continue to professionalize their operations. Most of the big players have expanded into macOS and Linux, and are also eyeing cloud environments.
Phishing and malicious emails remain successful for threat actors:
● The countries with the worst malware attacks per user in Q3 2022 were South Korea, Jordan, and China.
● On average, 7.7% of endpoints attempted to access some malicious URL in Q3 2022, down slightly from 8.3% in Q2.
● The country with the most customers experiencing malware detections in October 2022 is the United States at 22.1%, followed by Germany at 8.8% and Brazil at 7.8%, which is very similar to Q2 numbers, but the U.S. and Germany saw a smaller increase, especially among financial Trojans.
● Spam rates increased by more than 15 percent—to 30.6 percent of all inbound traffic.
● Email-based attacks target almost all industries. Analyzing the top 50 most attacked organizations, it appears that the most attacked industries are:
o Construction
o Retail
o Real estate
o Professional Services (Services and Computers and IT)
o Finance
● The proportion of phishing attacks rose 1.3-fold to 76% of all email attacks between July 2022 and October 2022 (up from 58% in H1 2022). This rise has come at the expense of the proportion of malware attacks.
Unpatched vulnerabilities proved fruitful:
● Acronis continues to discover and warn business and home users that new zero-day vulnerabilities and old, unpatched vulnerabilities are the top attack vectors for compromising systems.
● While software vendors try to keep up and release patches on a regular basis, it is often not enough – many attacks succeed due to unpatched vulnerabilities.
● Microsoft:
o Another phishing campaign targeting Microsoft impersonated “Microsoft Teams” and attempted to entice recipients to add the text of their memo to an online memorial board “in memory of Queen Elizabeth II, who died in September.”
o Another large-scale phishing campaign was discovered targeting credentials for Microsoft’s M365 email service. It targets fintech, lending, accounting, insurance and federal credit union organizations in the US, UK, New Zealand and Australia.
— trade arab news agency