2022 Annual Report

Editor's Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF.

The annual report surveys the threat landscape of 2022, summarizing a year of intelligence produced by Recorded Future’s threat research team, Insikt Group. We analyze global trends and evaluate significant cybersecurity events, geopolitical developments, vulnerability disclosures, and more, providing a broad, holistic view of the cyber threat landscape in 2022.

Executive Summary

The physical conflict in Ukraine, and the effects it has had on the cyber threat landscape throughout 2022, frames our discussion of significant cyber threat events and geopolitical trends that occurred in 2022 and underscores the increased convergence of the cyber and geopolitical threat landscape.

Before and throughout the physical invasion, Recorded Future has observed increased instances of distributed denial-of-service (DDoS) attacks, hacktivist activity, and the widespread deployment of wiper malware. And while Russia’s invasion of Ukraine dominated the discussion of kinetic and cyber-hybrid operations, threat actors affiliated with other prominent nation-states, specifically Iran, China, and North Korea, carried out cyberattacks throughout the year, informed by an era of heightened geopolitical tension, competition, and politically charged affiliations.

We also analyzed cyber threat events across the broader threat landscape, including those carried out by cybercriminal groups. While phishing campaigns and ransomware attacks continue to plague organizations across industries and geographies, Recorded Future identified a 600% increase in the number of credentials sold via information-stealing malware between Q1 and Q4, a significant year-over-year increase in targeting of software frequently used in organizations’ supply chains, and a shift toward an increasingly managed service model as “as-a-service” offerings proliferated on dark web marketplaces and underground forums. Initial access brokers are increasingly active, likely due to the increased use of infostealer malware and the ability to monetize stolen data.

The effective use of infostealers often relies on the successful exploitation of vulnerabilities. Notable vulnerability-related trends in 2022 included ransomware and Chinese state-sponsored threat actors rapidly exploiting zero-day vulnerabilities, the ongoing exploitation of Log4Shell across all quarters in 2022, and the impact of Microsoft’s oscillation about the automatic disablement of macros.

Finally, ransomware remained an ever-present threat in 2022. While certain ransomware gangs disbanded, others were quick to assert their dominance and used their significant resources to undertake campaigns against organizations of all sizes across industries. Although ransomware payments decreased by about 60% between 2021 and 2022, likely due to increased guidance from governments to forgo making ransomware payments and increased due diligence on cybersecurity standards from insurance companies when underwriting policies for ransomware attacks, ransomware will continue to pose a major threat to organizations throughout 2023.

Key Takeaways