
A recent analysis from security firm Arctic Wolf indicates a considerable increase in Business Email Compromise (BEC) attacks in the first half of 2022.

According to data analysis and observations from Arctic Wolf’s incident response department Tetra Defense, BEC attacks currently account for more than a third of all incidents, with the number of cases doubling between the first and second quarter of 2022. Finance, insurance, legal, business services and public sector companies all witnessed considerable increases in BEC attacks.

80 percent of the organizations hit by a BEC attack did not have multifactor authentication (MFA) in place before the event. The report mentions the lack of MFA among victims to emphasize its relevance in securing organizations. According to the research, credential theft becomes extremely difficult with MFA in place.

The varying ransom demands

According to the survey, the median ransomware demand by threat actors during the first half of the year was $450,000, with the technology and logistics industries seeing demands that were often double the worldwide average. The ransoms requested from the shipping and logistics industries are considered more significant since these companies have less structured networks and data architecture and inferior backup measures.

Although they accounted for more than 30 percent of the cases, the healthcare, banking, and insurance industries all received median ransom demands that were lower than the global average. According to the researchers, these companies often have more sophisticated cybersecurity policies because they hold highly sensitive and valuable data, giving threat actors less leverage to demand a greater ransom.

Known vulnerabilities and remote access

Although the research states that human error often leads to initial access, most events are caused by the presence and subsequent exploitation of open vulnerabilities and remote access methods. 81 percent of events in the first half of 2022 involved an attack on a known flaw in a victim’s system or workstation protocol.

Vulnerabilities were responsible for 56 percent of events, while external remote access was responsible for 25 percent. Incidents involving the ProxyShell and Log4j vulnerabilities cost firms twice as much to respond to as the average incident.