
Ransomware and Malware Remain Threats to Businesses, Latest ZeroFox Study Finds

Summary: The Q2 Threat Landscape Report from ZeroFox shows that ransomware, malware, and social engineering are still prevalent threats that businesses need to protect against. Initial Access Brokers also appear to be entering the stage again. These tactics along with new cybersecurity legislation should have businesses readdressing their security practices as well as data breach response plans.


Common threat actors remain top of list in Q2

The landscape of external threats to companies is ever-changing, but the Quarterly Threat Landscape Report for Quarter 2, 2022, released by ZeroFox, has identified that ransomware, malware, and social engineering remain significant players.

Social engineering continues to be a persistent form of attack leveraged by threat actors. Its low cost and high success rate mean that it will likely continue as a popular method of reaching unsuspecting victims at scale. Businesses must pay particular attention to social engineering targeting higher-profile employees, such as executives, HR personnel, finance personnel, and managers. A major concern with these attacks is the potential for classified information, such as secure passwords, to be shared unintentionally, or for malware to be accidentally downloaded from an email attachment or other file.

Malware also remains a top business threat. While the quarter-over-quarter attacks didn’t show an increase in the first half of 2022, it was still one of the most prominent attacks on businesses, and attacks have not slowed down. By industry, malware is a growing concern among financial institutions and retail, since these two verticals maintain records that would be valuable to threat actors’ attempts at identity and financial theft. Another concern that ZeroFox found in Q2 was the rise of fake apps being used to install malware on devices. Individuals using their personal devices for business purposes could inadvertently expose their company through this type of malware attack. Spyware was also making headlines in Q2, raising the concern of this type of malware being used to target high-profile individuals within companies to get access to confidential business data.

While the number of ransomware attacks was down in Q2, a ransomware attack still occurred every 11 seconds and the successful incidents showed a larger financial impact for businesses. The hardest-hit industries included healthcare, retail, and finance, among others. For more industry-specific data on the threat landscape, check out the ZeroFox Quarterly Threat Landscape Report. It appears that threat actors using ransomware as a tactic are finding it harder to elicit payment from their victims, leading them to take more drastic measures to get a response. This includes causing more downtime of corporate websites, software, and infrastructure. While businesses may resolve the problem without giving in to the ransom, the reputational and legal repercussions may be just as detrimental.

Initial access brokers, the not so new kid on the block

In 2020, Initial Access Brokers (IABs) became a prevalent entity in cyber attacks. These brokers are organized cybercrime groups that gain access to corporate networks by some sort of attack (often malware or ransomware), then proceed to sell this access to other entities. In Q1 of 2022, the access sales by IABs had drastically reduced compared to 2021. However, Q2 saw a spike of these attacks again. While the attacks are nothing compared to the numbers seen in 2021, businesses need to stay aware of these threat actors.

The financial industry was the hardest hit in Q2 as it offered the most financial gain. It’s important to know that IABs will follow the money, targeting industries that offer the biggest financial reward. While financial institutions were the hot target in Q2, a new target could emerge at any point.

It’s also becoming increasingly difficult to identify these IABs. Many Russian IAB groups were identified at the beginning of the Ukraine invasion, bringing IABs to the public eye and forcing groups to find more private ways to do business. This will likely become the norm and pose an additional challenge to businesses working to keep these groups away from their network.


Protecting your business against top external threats

Social Engineering

Cybercriminals use social engineering in 98% of attacks, and the best thing you can do to safeguard against social engineering threats is to educate your employees. This will help them and your business. Provide training on password best practices, identifying phishing scams, and knowing when attachments shouldn’t be opened. Providing employees with protection tools, such as IDX’s Privacy product, can also help protect them from potential threats.

Malware and Ransomware

The first line of defense against these threats is to bolster protection both on your network and outside the corporate perimeter. Make sure to create and update any defensive systems you have in place, blacklist network infrastructure as appropriate, and make sure to have backups of all critical data. Furthermore, have a strong external cybersecurity solution that exposes and disrupts attackers before they can cause significant damage. The second line of defense is to have a solid data breach response plan in place. If you are hit by an attack, you do not want to be caught without a plan to remedy the situation. You will also want to make sure your breach disclosure obligations are current with the latest rules and regulations. The US just passed the Strengthening American Cybersecurity Act in March of 2022, which may change cybersecurity obligations.

Initial Access Brokers

When it comes to protecting against IABs, maintaining basic security strategies is one of your best tactics. These include requiring two-factor authentication on devices, ensuring software is up to date, scanning for early signs of network breaches, and using a zero-trust principle when configuring devices.

Learn more in the QTLR

As your organization prepares for potential breaches, understanding the threat landscape is critical. Threat actors are constantly evolving, but certain tactics like ransomware, malware, and social engineering remain prominent tools to target organizations. The combined value of ZeroFox and IDX provides organizations with visibility and intelligence into the threat landscape to help organizations prepare for potential external cyber attacks, with the proven response and remediation services to take action if and when a breach occurs. But before any of that, you need to understand what you’re up against. Download the latest threat landscape report for a full look at the external attack surface here.
