Ransomware attacks dipped in 2022 – threat report

There was a slight decrease of 5% in ransomware attacks between January and December 2022, with 2,531 attacks, according to the 2022 Annual Threat Monitor Report from cyber security and risk mitigation firm NCC Group.

Although there were slightly fewer attacks than in 2021, there was a notable surge in ransomware attacks between February and April, coinciding with the start of the Russia-Ukraine conflict, when prominent threat actor LockBit ramped up activity.

Analysis from across 2022 continues to highlight ransomware operators as effective innovators willing to find any opportunity and technique to extort money from their victims, with data leaks and DDoS being added to their arsenal to mask more sophisticated attacks.

Compiled by NCC Group’s Global Threat Intelligence team, the report details the events of 2022 and their impact on the cyber threat landscape, providing an overview of incidents across all sectors and highlighting global trends.

The insights are based on incidents identified by NCC Group’s global managed detection and response service (MDR) and its global cyber incident response team (CIRT).


Threat actor turbulence

LockBit claimed the top spot for most active threat actor in 2022, responsible for 33% of all monitored ransomware attacks (846), a 94% increase on its 2021 activity (436 attacks). The group’s activity peaked in April with 103 attacks, ahead of the launch of a new ransomware software and rebrand to LockBit 3.0.

BlackCat accounted for 8% of the total attacks in 2022. With a quiet start in December 2021 (4 attacks), the group went on to average 18 attacks each month, with a peak of 30 incidents in December 2022.

The leading threat actor of 2021, Russia-affiliated Conti, reduced attack levels dramatically to just 7% of all recorded attacks (21% in 2021), with no attacks monitored from June onwards. This reduction in activity coincided with the introduction of new group BlackBasta, believed to be associated with or a replacement for Conti.


Sectors

The most targeted sectors in 2022 were Industrials* with 804 victim organisations (32%), followed by Consumer Cyclicals with 487 (20%) and Technology with 263 (10%). While this remains consistent with previous years, the report called attention to a relative 10% surge in victim numbers for consumer cyclical organisations, namely hotel and entertainment, specialty retailers and homebuilding and construction supply retailers and financial services.

Meanwhile, Software & IT Services was the most targeted sector within Technology, which presents multiple opportunities to threat actors, from the theft of intellectual property to using victim companies for supply chain compromises.


Regions

North America and Europe suffered the most ransomware attacks in 2022. North America bore the brunt, with 44% of all incidents (1,106), a 24% decrease on 2021’s figures (1,447).

Europe observed 35% of all incidents, with an 11% increase in attack numbers, witnessing 896 in 2022 as compared to 810 in 2021. It was potentially influenced by surges in activity associated with the Russia-Ukraine conflict in the first half of the year.


Rise in DDoS and BEC attacks

The term ‘ransomware’ originally referred to a type of software that encrypts data for the purposes of extortion. Then came double extortion, which covered ransomware and then a subsequent leaking of sensitive data on a leak site, also known as pay-now-or-get-breached. Now prolific ransomware operators such as LockBit 3.0 are using DDoS attacks to add even more pressure to a victim organisation, known as triple extortion.

NCC Group observed 230,519 DDoS events across 2022, with an astonishing 45% targeted at the United States, 27% of which occurred in January. This early surge in DDoS attacks and botnet-led breaches reflects greater turbulence within the wider cyber threat landscape, in part influenced by the Russia-Ukraine conflict.

DDoS continues to be weaponised by both criminal and hacktivist groups as part of the conflict, alongside disinformation campaigns and destructive malware, to cripple critical national infrastructure in Ukraine and beyond.

Often garnering less attention than their ransomware counterparts, business email compromise (BEC) attacks are clearly a growing threat that organisations must pay attention to, and represented 33% of all incidents observed by NCC Group’s Cyber Incident Response Team (CIRT).

“2022 was another year that kept us on our toes. The threat landscape has been heavily influenced by the conflict between Russia and Ukraine, with a whole arsenal of offensive cyber capabilities, from DDoS to malware, deployed by criminals, hacktivists, and even other nations,” says Matt Hull, NCC Group Global Head of Threat Intelligence.

“Though perhaps not the cybergeddon that some expected from the next big global conflict, we are seeing state-sponsored attacks ramp up with cyber warfare proving to be critical in this hybrid cyber-physical battlefield.

“Despite this slight dip in ransomware attacks, this does not mean we collectively declare job done,” says Hull.

“Indeed, this decline in attack volume and value is probably in part due to an increasingly hardline, collaborative response from governments and law enforcement, and of course the global impact of the war in Ukraine,” he says.

“As a result, we have witnessed several coordinated operations in 2022 that saw arrests of key members of prolific cyber-criminal operatives, as well as the disbanding of long-established groups. Least of all Conti, which was 2021’s most active group.

“Looking ahead to 2023, we expect bad actors to focus their attention on compromising supply chains, bypassing multi-factor authentication (MFA) and taking advantage of misconfigured APIs. The threat will persist and organisations must remain vigilant and understand how they could be exposed and take steps to mitigate any risk.”
