Phishing and the use of MFA fatigue attacks, an extremely effective method used in high-profile breaches, are two forms of cyber attacks on the rise. A report, conducted by Acronis’ cyber protection operation center, provided an in-depth analysis of the cyber threat landscape in MEA. This included ransomware threats, phishing, malicious websites, software vulnerabilities and a security forecast for 2023.
Of note, the report, titled: Acronis Cyber Protection Operation Center Report: Cyberthreats in the second half of 2022 – Data under attack, found that threats from phishing and malicious emails have increased by 60 per cent. Additionally, the average data breach cost is expected to reach $5million by next year.
The research team who authored the report also saw social engineering attacks jump in the last four months. This accounted for three per cent of all attacks. Leaked or stolen credentials allow attackers to easily execute cyberattacks and ransomware campaigns. These were the cause of almost half of the reported breaches in H1 2022.
“The last few months have proven to be as complex as ever. Especially with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of cyber protection research. “Organisations must prioritise all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are evolving, using some of the tools, like MFA, that we rely on to protect our employees and businesses against us.”
Middle East and Africa cybersecurity landscape
As the Middle East region continues to grow its digital ecosystem, solid cybersecurity strategies remain a top priority on the back of heightened data breaches. According to security analysts, breaches reported in the Kingdom of Saudi Arabia, for example, could reach an average of $7million. This is a result of the country continuing to report one out of five attacks to be ransomware.
The average cost of ransomware attacks is increasing every year. Factors such as weak credentials, phishing emails, and unpatched vulnerabilities remain the top cyber-attacking vectors. In the UAE, targeted organisations lost over $1.4million in ransomware. This forced over 40 per cent of the impacted companies to shut down. Following this worrying trend, the UAE Cyber Security Council announced the adoption of stringent cybersecurity standards. It hopes these will safeguard the country’s digital space.
Ranked as the sixth-most dense region for cybercrime in the world, cybercrime victims in South Africa surged from 14.1 victims per one million internet users in 2019 to 50.8 victims in 2020. Most recently, the country enacted its cybersecurity act. It clearly defines cybercrimes in a bid to effectively regulate and prosecute them.
In Kenya and Nigeria, financial phishing attempts rose significantly in Q1 and Q2 of 2022 as banks, online payment systems, and e-commerce websites were targeted. In Kenya, over 100,000 financial phishing attacks were detected – a 201 per cent increase compared to Q1 and Nigeria has reported over 61,000 financial phishing attacks, representing an increase of 79 per cent compared to Q1.
Report highlights: Threat landscape sees new challenges
As security tactics and the technologies associated with them evolve, so do the threat actors trying to break into organisations and their ecosystems. The constant feed of ransomware, phishing and unpatched vulnerabilities demonstrates how crucial it is for businesses to reevaluate their security strategies.
Ransomware continues to worsen:
- Ransomware continues to be the number one threat to enterprises and businesses including government, healthcare and organisations in other sectors.
- Each month in the second half of this year, ransomware gangs were adding 200-300 new victims to their combined list.
- The market of ransomware operators was dominated by four to five players. By the end of Q3 the total number of compromised targets published for the main operators in 2022 were as follows:
- LockBit – 1157
- Hive – 192
- BlackCat – 177
- Black Basta – 89
- 576 publicly mentioned ransomware compromises in Q3, a slight increase from Q2.
- The number of ransomware incidents decreased slightly in Q3, after a high during the summer months. From July to August, Acronis saw a 49 per cent increase in blocked ransomware attacks globally. This was followed by a decrease of 12.9 per cent in September and 4.1 per cent in October.
- There is a shift towards more data exfiltration as the main actors are continuing to professionalize their operations. Most of the large players have expanded to MacOS and Linux and are also looking at the cloud environment.
Phishing and malicious emails remain successful for threat actors:
- The most-attacked countries in terms of malware per user in Q3 of 2022 were South Korea, Jordan and China.
- An average of 7.7 per cent of endpoints tried to access some malicious URLs in Q3 2022, slightly reduced from 8.3 per cent in Q2.
- The country with the most clients experiencing malware detections in October 2022 was the United States with 22.1 per cent, followed by Germany with 8.8 per cent and Brazil with 7.8 per cent which are very similar to the Q2 numbers. Except for US and Germany which had a small increase, especially in financial trojans.
- Spam rates have increased by over 15 per cent — reaching 30.6 per cent of all inbound traffic.
- Email-borne attacks are targeting virtually all industries. By analysing the top 50 most attacked organisations, it seems that the most attacked industries are:
- Real estate
- Professional Services (Services and computers and IT)
- Between July and October 2022, the proportion of phishing attacks has risen by 1.3x reaching 76 per cent of all email attacks (up from 58 per cent in H1 ‘2022). This rise is at the expense of the proportion of malware attacks.
Unpatched vulnerabilities prove fruitful into the second half of the year:
- Acronis continues to see and warn businesses and home users that new zero-day vulnerabilities and old unpatched ones are the top vector of attack to compromise systems.
- While software vendors try to keep up and release patches regularly, quite often it is still not enough. A lot of attacks succeed due to unpatched vulnerabilities.
- Another phishing campaign targeting Microsoft did impersonate “the Microsoft team”. It tried to bait the recipients into adding their memo text onto an online memorial board “in memory of Her Majesty Queen Elizabeth II” when she passed away in September.
- Another large-scale phishing campaign was spotted targeting credentials for Microsoft’s M365 email services. It is aimed at fintech, lending, accounting, insurance, and Federal Credit Union organisations in the US, UK, New Zealand, and Australia.