{"id":66834,"date":"2023-05-08T16:25:59","date_gmt":"2023-05-08T08:25:59","guid":{"rendered":"https:\/\/version-2.com\/?p=66834"},"modified":"2024-09-13T16:31:18","modified_gmt":"2024-09-13T08:31:18","slug":"must-know-cybersecurity-statistics-of-2022","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/05\/must-know-cybersecurity-statistics-of-2022\/","title":{"rendered":"Must-know cybersecurity statistics of 2022"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>

Cybersecurity is a critical concern for organizations worldwide. In 2022, we saw an unprecedented increase in the number and severity of cyber attacks. With more people working remotely, organizations have become more vulnerable to attacks. Cybercriminals continue to target businesses across all industries, using various tactics to breach networks and access personal data.<\/p>

This article will delve into the most significant cybersecurity statistics of 2022, including the key numbers, data breaches with the most substantial impact, vulnerable industries, types of attacks, prevention actions, and the cost of cybercrime. Understanding these statistics is mandatory for businesses to develop effective security strategies and protect their data from malicious actors.<\/p>

Key numbers of 2022\u00a0<\/h2>

  1. A staggering 82% of all breaches involved the “human element”<\/strong> using stolen credentials, phishing, human error, and misuse. (Verizon<\/a>)<\/p><\/li>

  2. Data compromises, such as data breaches, exposure, and leakage, impacted over 422 million people<\/strong>. (ITRC<\/a>)<\/p><\/li>

  3. Supply chain attacks accounted for 19% of all cyber security incidents<\/strong>. (IBM<\/a>)<\/p><\/li>

  4. In Q4 of 2022, the number of cyberattacks worldwide reached an unparalleled level, with each organization experiencing an average of 1168 attacks per week<\/strong>. (Checkpoint<\/a>)<\/p><\/li>

  5. Servers were involved in 84% of all cyber security incidents<\/strong>, with web application servers and mail servers accounting for 56% and 28% of these incidents<\/strong>, respectively. (Verizon<\/a>)<\/p><\/li>

  6. Nearly half of all cyber security incidents (47%) pertained to personally identifiable information (PII)<\/strong>, while another 46% involved authentication credentials<\/strong>. Payment card data was affected in only 7% of the incidents<\/strong>. (Verizon<\/a>)<\/p><\/li>

  7. Cyberattacks surged in the USA, with a staggering 57% increase<\/strong>. Latin America experienced a 29% increase<\/strong>, while Europe and Singapore both saw a 26% increase<\/strong>. Meanwhile, the UK encountered a shocking 77% spike<\/strong> in cyberattacks. (Checkpoint<\/a>)<\/p><\/li>

  8. 83%<\/strong> of organizations experienced more than one data breach. (IBM<\/a>)<\/p><\/li>

  9. There was a 38% increase in global cyberattacks<\/strong> compared to the previous year. (Checkpoint<\/a>)<\/p><\/li>

  10. Almost 1 billion emails were exposed, affecting one in five internet users. (AAG<\/a>)<\/p><\/li><\/ol>

    The top 10 most significant data breaches of 2022<\/h2>

    We present the most impactful data breaches of the last year.<\/p>

    10. The Axie Infinity\u2019s crypto theft<\/h3>

    Axie Infinity is an online video game that uses Ethereum-based cryptocurrencies and NFTs. As the games services heavily rely on blockchain service Ronin, cyber criminals managed to infiltrate the system. They were able to take control of the network and send 173,600 ethers worth about $600 million and withdraw $25.5 million worth of coin<\/a>. This has now become one of the largest thefts in the history of cryptocurrencies and online gaming.<\/p>

    9. Cash App data breach<\/h3>

    In April, a disgruntled former employee of Cash App, a payment company, took it upon himself to breach the company’s system. The hacker managed to access sensitive reports<\/a>, including the names, portfolio values, and brokerage account numbers of more than 8 million clients, which they then stole.<\/p>

    8. Costa Rica\u2019s government ransomware attack<\/h3>

    The Costa Rican government suffered a major cyberattack when the Conti ransomware gang successfully breached their systems. The group gained access to highly valuable data, which they stole and then demanded a hefty ransom of $20 million<\/a>.<\/p>

    This forced the Central American government to declare a state of emergency. Shockingly, weeks after the attack, 670 GB of data, representing 90% of the information that had been accessed, was posted to a leak site by the threat group.<\/p>

    7. Neopets data breach<\/h3>

    Last July, a database with account details of 69 million Neopets game users was found for sale on an internet forum<\/a>. The data included names, email addresses, zip codes, genders, and birth dates. An inquiry found that cyber attackers had infiltrated the Neopets IT systems and had unauthorized access to it for a prolonged period, from January 3, 2021, to July 19, 2022, spanning over 18 months.<\/p>

    6. Revolut data breach<\/h3>

    In September 2022, a data breach occurred at fintech start-up Revolut, resulting in personal information of more than 50,000 users being accessed<\/a> by a third-party. The breached data included names, addresses, and partial payment card information. However, Revolut assured that the card details were masked. The Lithuanian government commended Revolut for taking immediate action to eliminate the attacker’s access to the data once the breach was detected.<\/p>

    5. Shein data breach<\/h3>

    In October, Shein and Romwe’s parent company Zoetop Business was fined $1.9 million by the state of New York for not disclosing a data breach<\/a> that impacted 39 million customers. The breach occurred in July 2018 when a malicious third party accessed Shein’s payment systems. Shein was informed by their payment processor that their system had been infiltrated and customer card data had been stolen. The discovery was made after the credit card network found Shein customers\u2019 payment details for sale on the dark web.<\/p>

    4. Hacker allegedly hits both Uber & Rockstar<\/h3>

    Between September 15-19, a hacker allegedly targeted both Uber and Rockstar<\/a>. In the Uber breach, the hacker accessed the company’s internal servers using malware installed on a contractor’s device. They then posted a message to a company-wide Slack channel and reconfigured Uber\u2019s OpenDNS to display a graphic image to employees on some internal sites.<\/p>

    In the same timeframe, the Rockstar Games’ developer suffered a network intrusion, leading an unauthorized third party to illegally access and download confidential information, including gameplay footage of the unreleased Grand Theft Auto 6 game. The hacker claimed they obtained the footage by hacking into a Slack channel used for communication about the game.<\/p>

    3. Medibank data leak<\/h3>

    Australian healthcare and insurance provider Medibank detected \u201cunusual activity\u201d on its internal systems on October 13. By November 7, Medibank announced that a hacker had stolen the confidential data of 9.7 million past and present customers<\/a>, including personally identifying information and medical procedure codes. Despite the hacker\u2019s demands for ransom, Medibank refused to pay.<\/p>

    On November 9, the hacker released files containing customer data labeled “good-list” and “naughty-list,” with the latter reportedly including sensitive information on those who sought medical treatment for HIV, drug addiction or alcohol abuse, and mental health issues like eating disorders. The hacker posted a file labeled \u201cabortions\u201d containing information on claimed procedures to a site backed by the Russian ransomware group REvil on November 10.<\/p>

    2. BidenCash data breach<\/h3>

    On October 12, carding marketplace BidenCash made public the details of 1.2 million credit cards expiring between 2023 and 2026<\/a>. The leaked information, which included other necessary details for making online transactions, was posted on the dark web site for free.<\/p>

    BidenCash had leaked the details of a few thousand credit cards in June, likely as a promotional stunt, and as the site had launched new URLs in September due to a series of DDoS attacks, some experts speculated that this new release could be another attempt at advertising.<\/p>

    1. Twitter data breach<\/h3>

    Twitter faced accusations of attempting to cover up a major data breach that compromised the personal information of millions of users<\/a>. In July, a hacker who went by the name ‘devil’ claimed to have the data of 5.4 million Twitter accounts for sale on BreachForums, including email addresses and phone numbers belonging to celebrities, companies, and regular users.<\/p>

    The stolen data also included information from “OGs,” which are highly desirable Twitter handles consisting of one or two letters or a word with no misspelling, numbers, or punctuation. The hacker demanded a minimum of $30,000 for the database. The data breach, resulting from a vulnerability in Twitter’s system that was discovered in January, caused significant concern among the public and further highlighted the ongoing need for strong cybersecurity measures.<\/p>

    Most targeted industries in 2022<\/h2>

    As we embark on a new year, the cyber threat landscape is continuously evolving, making it more challenging for organizations to keep up with the pace of these attacks. From ransomware to phishing scams, no industry is immune to cyber threats.<\/p>

    <\/p>

    This list highlights the top 10 most targeted industries in 2022, based on the <\/picture>IBM X-Force 2022 Threat Intelligence Index report<\/a>. And hopefully, a better understanding of the threat landscape in different industries can help organizations adopt robust cybersecurity strategies to safeguard their systems, data, and customers against cybercriminals.<\/picture><\/p><\/div>

    Media & telecommunications – 0.5%<\/h3>

    Last year, media and telecommunications industries remained relatively unscathed, with a mere 0.5% of incidents reported. However, it is worth noting that external remote services such as VPNs and valid domain accounts were often exploited to gain unauthorized access, resulting in ransomware attacks.<\/p>

    The consequences of these attacks were severe, ranging from data theft, leaks, and destruction to extortion, and involved the deployment of data exfiltration tools and ransomware. Despite their low incidence rate, the potential impact of cyber threats on media and telecom companies cannot be underestimated.<\/p>

    Transportation – 3.9%<\/h3>

    Transportation dropped from seventh to ninth place in the 2022 X-Force report, but the industry remained a frequent target, accounting for 3.9% of incidents. Phishing was the primary method of initial access, with links, attachments, and spear phishing equally represented. Valid local accounts were also exploited in 33% of cases, while valid cloud accounts were used in 17%.<\/p>

    The top objectives were server access and deployment of remote access tools, followed by spam campaigns, ransomware, backdoors, and defacement. Data theft was the most common outcome, occurring in half of all cases, with extortion and brand reputation damage also common. European transportation entities were the hardest hit, accounting for 62% of cases, with Asia-Pacific in second place at just over 37%.<\/p>

    Government – 4.8%<\/h3>

    Government entities were one of the prime targets of cyberattacks in 2022, with backdoors and DDoS attacks accounting for 25% of cases each. Public sector networks contain a wealth of sensitive information, making them a popular objective for cyber espionage campaigns aimed at stealing PII and other data. Malicious Office documents were found in 17% of cases, while the remaining 83% involved cryptominers, credential acquisition tools, ransomware, and web shells.<\/p>

    X-Force attributed incidents in this sector to cybercriminals, insider threats, hacktivists, and state-sponsored groups conducting espionage, each accounting for an equal share. Infection vectors were primarily public-facing applications and spear phishing attachments, with valid default accounts exploited in 20% of cases. Asia-Pacific governments were hit the hardest, with 50% of cases, followed by Europe at 30% and North America at 20%.<\/p>

    Healthcare – 5.8%<\/h3>

    Still being the top object of international cyberattacks, the healthcare industry experienced a decline from sixth place in 2021. X-Force responded to approximately 5%-6% of healthcare cases in the last three years. Backdoor attacks and web shells were prevalent, accounting for 27% and 18% of cases, respectively.<\/p>

    Adware, BEC, cryptominers, loaders, reconnaissance and scanning tools, and remote access tools made up 9% of cases each. Most of the observed impacts were from reconnaissance at 50%, while data theft and digital currency mining each accounted for 25% of cases. European-based healthcare entities were targeted the most, comprising 58% of incidents, with the remaining 42% in North America.<\/p>

    Education – 7.3%<\/h3>

    Backdoor attacks in the education sector comprised 20% of incidents X-Force responded to. Ransomware, adware, and spam each accounted for 13% of incidents. Exploitation of public-facing applications was the most common initial access vector at 42%, followed by spear phishing attachments at 25%. Asia-Pacific was the region with the highest number of cases at 67%, followed by North America at 27%, and Latin America at 6%.<\/p>

    Retail and wholesale – 8.7%<\/h3>

    The retail and wholesale industry maintained its position as the fifth-most targeted industry, as per the X-Force report for 2022. Spear phishing emails with malicious links were the most common initial access vector at 33%. Ransomware, backdoors and BEC were the most common attack types, each accounting for 19% of incidents.<\/p>

    Victims experienced extortion in half of the cases, while credential harvesting and financial loss were observed in 25% of cases each. North America and Latin America had the highest number of cases at 39% each, while Europe accounted for 22% of incidents.<\/p>

    Energy – 10.7%<\/h3>

    The energy sector, encompassing electric utilities and oil and gas companies, was the fourth-most targeted industry with 10.7% of attacks. Attackers commonly gained initial access through the exploitation of public-facing applications (40%), spear phishing links (20%), or external remote services (20%). Botnets were the top method of attack in 19% of cases, followed by ransomware and BEC at 15% each.<\/p>

    North American organizations were the most targeted at 46%. Incidents involved data theft and extortion in 23% of cases, while credential harvesting and botnet infections were observed in 15% of cases each. The energy sector faces pressure from various global factors, particularly those exacerbated by Russia\u2019s aggression in Ukraine and its impact on the already unstable global energy trade.<\/p>

    Professional, business & consumer services – 14.6%<\/h3>

    The professional services industry, including consultancies and law firms, was the target of 52% of cyber attacks in this category. Business services, such as IT and advertising, accounted for 37% of attacks, while consumer services made up 11%.<\/p>

    Ransomware and backdoor attacks were the most frequent types of attacks, with public-facing applications and remote services being the top infection vectors. Extortion was the most common attack type.<\/p>

    Finance & insurance – 18.9%<\/h3>

    Last year the finance and insurance organizations were the target of 18.9% of cyber attacks, earning it second place in this list. Despite a slight decrease in attacks over the past few years, finance and insurance organizations remain prime targets due to their advanced digital transformation and cloud adoption progress.<\/p>

    Backdoor attacks were the most common objective at 29%, followed by ransomware and maldocs at 11% each. Spear phishing attachments were the top infection vector, responsible for 53% of attacks. Europe experienced the highest volume of attacks at 33%, followed by Asia-Pacific at 31%. Latin America, North America, and the Middle East and Africa experienced approximately 15%, 10%, and 10% of incidents, respectively.<\/p>

    Manufacturing – 24.8%<\/h3>

    The manufacturing industry was the most targeted in 2022, with backdoors being deployed in 28% of incidents and spear phishing and public-facing applications being the top infection vectors at 28% each. External remote services accounted for 14% of incidents, while spear phishing links and valid default accounts were tied for third place at 10%.<\/p>

    Extortion was the top impact on manufacturing organizations, followed by data theft and leaks. The Asia-Pacific region had the most incidents at approximately 61% of cases, while Europe and North America tied for second place at 14%. Latin America accounted for 8% of incidents, and the Middle East and Africa had 4%.<\/p>

    Most common cyber attacks in 2022<\/h2>

    With the increasing use of technology in our daily lives, cybercriminals are finding new ways to exploit vulnerabilities in web applications, cloud services, Internet of Things (IoT) devices, and human behavior.<\/p>

    We present to you the top 10 list of cyber attacks with the hope that you can take steps to protect yourself and your data from potential cyber threats in the future.<\/p>

    10. SQL injection & Cross-site Scripting (XSS)<\/h3>

    SQL injection and Cross-site Scripting (XSS) are common types of cyber attacks in 2022<\/a> that exploit vulnerabilities in web applications. SQL injection attacks can be used to insert malicious code into an SQL database, potentially giving attackers access to sensitive information or control over the entire system. Use parameterized queries to prevent SQL injection attacks and keep your software up-to-date.<\/p>

    XSS attacks use third-party online resources to insert malicious scripts into legitimate websites or applications to obtain user information. Attackers commonly use JavaScript, Microsoft VBScript, ActiveX, or Adobe Flash for XSS attacks. Web apps are often vulnerable to XSS attacks when they receive user input without validating or encoding it in their output.<\/p>

    9. Cloud jacking<\/h3>

    Cloud jacking, also known as cloud hijacking, targets data stored in external cloud services such as Salesforce or Microsoft Azure<\/a>. Hackers exploit poorly secured loopholes to steal data since modern enterprises increasingly use cloud-based services. Since most users do not store many files locally, cyber criminals find targeting the centers housing the data more worthwhile. Common methods include exploiting cloud provider management software vulnerabilities or cracking default security configurations.<\/p>

    8. Internet of Things (IoT) attacks<\/h3>

    An IoT attack targets Internet of Things devices or networks, allowing hackers to take control of devices, steal data, or join a network of infected devices to execute DoS or DDoS attacks. The IoT encompasses a wide range of internet-connected devices, from smartphones to smart home appliances, making them vulnerable to cyberattacks.<\/p>

    Attackers can exploit IoT devices to launch attacks on other devices, causing significant damage that can be challenging to detect. There was a noticeable increase of IoT attacks last year<\/a>.<\/p>

    7. Insider threats<\/h3>

    Insider threats refer to the risks associated with an organization’s own staff. These threats can come from rogue employees with malicious intent or from employees who are simply negligent. In some cases, hackers can bribe insiders to help them gain access to sensitive information. However, the line between insider threat and whistleblower can sometimes be blurry.<\/p>

    Unlike social engineering, where attackers pretend to have legitimate access, insiders actually have legitimate access but use it for malicious purposes. Organizations must have policies and procedures to detect and prevent insider threats. It\u2019s also reported that insider threats have risen 44% over the past two years<\/a>.<\/p>

    6. Man-in-the-Middle attack<\/h3>

    Man-in-the-middle attacks aim to steal sensitive information by intercepting and manipulating messages between two parties who believe they are communicating directly and securely. While most communication channels use some encryption to make such snooping attempts more difficult, expired SSL certificates on various websites and the use of freemium VPNs, proxies, or public wifi can create open gaps that attackers can exploit.<\/p>

    Attackers can read, modify, or even delete data during such attacks, which can be challenging to detect. To protect against man-in-the-middle attacks, it is essential to use encryption whenever possible, be mindful of which websites and emails you access, and avoid using public networks. Estimates show that 35% of exploits involve man-in-the-middle attacks<\/a>.<\/p>

    5. Dictionary, brute-force & password spray attacks<\/h3>

    Cyber attackers use various methods to break into password-protected systems, including dictionary attacks, brute-force attacks, and password spray attacks. A dictionary attack involves systematically entering every word in a dictionary as a password or key to decrypt an encrypted message. On the other hand, a brute-force attack involves automated trial and error by spraying all possible character combinations and lengths into a password field until a match is found. More than 80 percent of breaches involve brute-force<\/a> or the use of lost or stolen credentials.<\/p>

    Meanwhile, password spray attacks, involve hackers trying many common passwords against many different accounts using automated software. To protect yourself, use strong and unique passwords, enable two-factor authentication if available, and avoid using common words or phrases that can be easily guessed.<\/p>

    4. Social engineering<\/h3>

    Social engineering is a cyber attack that exploits human vulnerability rather than system weaknesses. It involves tricking individuals into revealing sensitive information through deception. Threat actors may even impersonate someone else to gain physical or remote access to a target system.<\/p>

    Unfortunately, these attacks are still prevalent in 2022, as approximately one-third of data breaches occur due to social engineering<\/a>. It is important to remain vigilant and cautious of unsolicited communication, verify identities, and practice proper security protocols to avoid falling victim to these attacks.<\/p>

    3. Malware, ransomware & spyware<\/h3>

    Malware is a type of malicious code designed to carry out specific tasks that hackers want, including taking over, using as a gateway, stealing data, or disabling the target’s machine. In 2021, the average organization faced 1,748 attempts to be infected with malware<\/a>. The same trend held true last year, with malware attacks being one of the most popular cyberattack types<\/a>.<\/p>

    Meanwhile, ransomware is a more specific form of malware that infects a machine’s storage and encrypts stored data, demanding payment for decryption. These attacks can be highly profitable for hackers, as organizations often pay the ransom with no guarantee of a successful outcome.<\/p>

    Keyloggers are a type of spyware that captures every keystroke made on a device, allowing malicious actors to access sensitive information such as passwords and credit card numbers. Keylogger spyware is typically installed on a user’s device by clicking on a malicious link or attachment. Protect yourself from keyloggers by using strong and unique passwords for all accounts, as well as enabling two-factor authentication where possible.<\/p>

    2. DoS and DDoS<\/h3>

    DoS and DDoS attacks flood servers or routers with requests, making it impossible for legitimate users to access a website or service. Attackers may use botnets or darknet marketplaces to orchestrate large-scale attacks. Defend against these attacks by having a robust firewall and keeping software up-to-date. These attacks are difficult to defend against, so be vigilant and prepared. According to reports, DDoS attacks grew 150% compared to the year before<\/a>.<\/p>

    1. Phishing & vishing<\/h3>

    Phishing, the list’s leader, tricks users into revealing sensitive information by posing as a legitimate institution. Attackers often use genuine-looking emails that redirect victims to fake websites where they input their actual credentials. Once attackers have the user’s information, they can take over their account, blackmail them, or sell the data on dark web marketplaces.<\/p>

    Vishing, a combination of voice and phishing, tricks victims into revealing confidential information through social engineering tactics. Protect yourself by being suspicious of emails asking you to click on links or download attachments. If in doubt, contact the company directly to verify the email’s legitimacy. Phishing attacks amount to more than 255 million attacks, a 61% increase in the rate of phishing attacks compared to 2021<\/a>.<\/p>

    The top 10 must-take actions to protect your organization from cyberattacks<\/h2>

    With the increasing sophistication of cybercriminals, it’s crucial to take proactive steps to safeguard your organization’s sensitive data and protect it in all ways possible.<\/p>

    Here we’ll explore the top 10 must-take actions to secure your business from cyber incidents. Implementing these measures can significantly reduce the risk of potential financial and reputational damage.<\/p>

    10. Backup your data regularly<\/h3>

    Regularly backing up your data is crucial for protecting your organization against cyber attacks. In the event of a ransomware attack, having backup servers allows you to restore your data without having to pay a ransom.<\/p>

    However, ensuring that your backups are secure and protected from cyber threats is essential. Negligently leaving data backups unprotected in public cloud services can leave them vulnerable to cyber criminals. Organizations can recover quickly from a cyber attack using data backups and maintain business continuity.<\/p>

    9. Have a response plan in place<\/h3>

    Even with all the necessary precautions, it’s impossible to guarantee that a cyber attack won’t happen. That’s why having a well-designed response & risk management plan is crucial to minimize the damage caused by a cyber attack. A comprehensive response plan should include:<\/p>