According to a new report from Palo Alto Networks, the heavy use of software vulnerabilities matches the opportunistic behavior of threat actors who scour the internet for vulnerabilities and weak points on which to focus. The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks extensive incident response (IR) work, leveraging a sampling of over 600 Unit 42 IR cases, to help CISOs and security teams understand the greatest security risks they face, and where to prioritize resources to reduce them.
Finance and real estate were among the industries that received the highest average ransom demands, with an average demand of nearly $8 million and $5.2 million, respectively. Overall, ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases.
“Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks. “Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations:
Unit 42 has identified that the median dwell time — meaning the time threat actors spend in a targeted environment before being detected — observed for ransomware attacks was 28 days. Ransom demands have been as high as $30 million, and actual payouts have been as high as $8 million. Increasingly, affected organizations can also expect threat actors to use double extortion, threatening to publicly release sensitive information if a ransom isn’t paid.
According to the report, in many cases cybercriminals are simply asking their unwitting targets to hand over their credentials — and getting them. Once they have access, the median dwell time for BEC attacks was 38 days, and the average amount stolen was $286,000.
Unit 42 identified the top affected industries in incident response cases as finance, professional and legal services, manufacturing, healthcare, high tech, and wholesale and retail. Organizations within these industries store, transmit and process high volumes of monetizable sensitive information that attracts threat actors.
