Report shines a light on the significant impact ransomware, business email compromise, and unpatched vulnerabilities continue to have on organizations of virtually any size
EDEN PRAIRIE, MN – March 23, 2022 – Arctic Wolf®, a global leader in security operations, today published its annual Arctic Wolf Labs Threat Report. Insights from the report reveal a year of turbulence within the threat actor community as Russia’s invasion of Ukraine disrupted the operations of top ransomware groups, a lack of multi-factor authentication (MFA) drove business email compromise attacks, and the long-tail of Log4Shell and ProxyShell continues to be exploited en masse more than a year after their initial disclosure.
Created with global threat, malware, digital forensics, and incident response case data that Arctic Wolf collects across the entire security operations framework, the Arctic Wolf Labs Threat Report explores Arctic Wolf’s deep and differentiated view into the cybercrime ecosystem, highlights key threat trends and research from 2022, and makes insightful predictions and strategic cybersecurity recommendations for the year ahead.
Findings of note from the Arctic Wolf Labs Threat Report include:
- Business Email Compromise (BEC) attacks accounted for over a quarter (29%) of Arctic Wolf’s incident response cases last year, with the majority (58%) of victim organizations failing to have multi-factor authentication (MFA) enabled.
- Russia’s invasion of Ukraine significantly disrupted the activity of threat actor groups in both countries and influenced a 26% year-over-year decline in observed ransomware cases globally.
- LockBit established itself as the dominant ransomware group, with the e-crime organization having 248% more victims than BlackCat (ALPHV), the second most active group.
- Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases.
“Arctic Wolf’s global scale and expansive solution set provides Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models but also allow us to publish truly novel threat research to the security community-at-large,” said Daniel Thanos, vice-president and head, Arctic Wolf Labs. “We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape so that they can best defend their most valuable assets from cyberattacks. Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defenses, which means that organizations need to advance their threat protection beyond the basics to secure their data.”
Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists, and security development engineers together with a unified goal to help end cyber risk for organizations around the globe. Leveraging the more than three trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for deliver cutting-edge threat research on new and emerging adversaries and leveraging machine learning and artificial intelligence to create advance threat detection models that drive continuous improvement in the speed, scale, and detection efficacy of Arctic Wolf’s security operations solutions.
For additional insights from the 2023 Arctic Wolf Labs Threat Report, visit arcticwolf.com to download the full report.
- Join the conversation with Arctic Wolf on Facebook, Twitter, LinkedIn, and YouTube
- Visit arcticwolf.com to learn more about our security operations solutions
- If you’re ready to get started, request a demo, get a quote, or conduct a Security Operations Maturity Assessment
- Want to join Arctic Wolf’s Partner Program? Apply today
About Arctic Wolf:
Arctic Wolf® is a global leader in security operations, enabling customers to manage their cyber risk in the face of modern cyber attacks via a premier cloud-native security operations platform. The Arctic Wolf Security Operations Cloud ingests and analyzes more than three trillion security events a week to help enable cyber defense at an unprecedented capacity and scale, empowering customers of virtually any size across a wide range of industries to feel confident in their security posture, readiness, and long-term resilience. By delivering automated threat protection, response, and remediation capabilities, Arctic Wolf delivers world-class security operations with the push of a button so customers can defend their greatest assets at the speed of data.
© 2023 Arctic Wolf Networks, Inc., All Rights Reserved. Arctic Wolf, Arctic Wolf Platform, Arctic Wolf Managed Detection and Response, Arctic Wolf Managed Risk, Arctic Wolf Managed Cloud Monitoring, Arctic Wolf Managed Security Awareness, and Arctic Wolf Concierge Security Team are either trademarks or registered trademarks of Arctic Wolf Networks, Inc. or Arctic Wolf Networks Canada, Inc. and any subsidiaries in Canada, the United States, and/or other countries.