Business and Legal Insights

Internet users have (mostly) learned to avoid scams by supposed Nigerian princes looking to share a vast inheritance, and there has been a rise in awareness of other common signs of phishing attempts, such as poor spelling and grammar and suspicious email addresses. But as internet users become savvier about identifying cyber threats, cyber-criminals continue to finesse their attacks. Phishing emails today can look almost identical to legitimate business-related emails, and are often successful at evading even the most sophisticated spam filters.

According to a new report by the cybersecurity company Acronis, nearly half of all cyber breaches during the first half of 2022 involved stolen credentials, and the cyber-criminals’ main tool has been phishing. One out of 100, or 1%, of the received emails in the sample studied by Acronis were malicious, and they observed 600 malicious email campaigns, of which 81% were phishing campaigns, with an average of 10 attacked organizations per campaign. Of all of the malicious emails reviewed by Acronis, 58% were phishing, 28% were malware, 7% were advanced attacks, and 7% were other malicious emails. And with companies relying more on more on cloud-based networks, cyber-criminals continue to devise methods to breach these networks through unpatched or software vulnerabilities to extract data.

Ransomware, observed the report, is still the top cyberthreat for businesses. Although the number of ransomware incidents has increased by only 1% between Q1 and Q2 of 2022, ransomware is getting worse – worse, in fact, than they had previously predicted. Although there are few ransomware gangs left thanks to law enforcement efforts, the ones that are operating continue to inflict significant damage, and global ransomware damages are estimated to exceed $30 billion by 2023.

“Increasing complexity in IT continues to lead to breaches and compromises highlighting the need for more holistic approaches to cyber-protection. […] The current cybersecurity threat landscape requires a multi-layered solution that combines anti-malware, EDR [endpoint detection and response], DLP [data loss prevention], email security, vulnerability assessment, patch management, RMM [remote monitoring and management], and backup capabilities all in one place,” the report stated.