
2022 State of the Threat Report

Cyber threats have taken over 2022 and they show no sign of stopping. In this report, we explore some of the most recent, hard-hitting cyberattacks.


2022 State of the Threat: A Year in Review

Secureworks Research Exposes the Stories Behind the Headlines


Key Findings from State of the Threat

  • This 40+ page report comprehensively examines cybersecurity events from the end of June 2021 through June 2022. These events have been heavily influenced by escalating tensions in eastern Europe and the Middle East, a steady stream of critical vulnerabilities, and public leaks exposing the inner workings of organized cybercriminal ransomware gangs.
  • Based on insights from customer telemetry, incident response, underground monitoring, proactive threat research and intelligence relationships, CTU™ researchers observed the following high-level trends across the threat landscape:
    01. Ransomware remains the number one threat for most organizations
    02. Lightweight, disposable malware loaders emerged in 2022
    03. Infostealer malware contributed to the sale of over two million credentials in one marketplace
    04. Exploitation of remote services replaced credential-based access as the most common initial access vector
    05. Nation-state activity has developed a more regional focus
    06. Defense evasion remains unsophisticated — providing valuable detection opportunities

How Secureworks Created State of the Threat

CTU researchers analyze trillions of security events every week, gathered from the Taegis XDR platform. Combined with data processed through Taegis VDR, proactive research, and insights gathered through Secureworks Incident Response engagements, this report represents one of the most comprehensive views of the threat landscape.

Download the report now for a detailed visualization of the threats the CTU team has come across, the intelligence gathered from these engagements, and advice on securing your most valuable business assets.

  • 1,400+ proactive and reactive incident response engagements per year
  • 470B+ events per day processed by Taegis
  • 1,260 combined years of work experience in the CTU team

2024 State of the Threat: A Year in Review

Fortify your defenses by understanding the latest intelligence and top threats facing organizations this year.


Global Threat Intelligence Summit 2024

Learn directly from Secureworks threat experts through on-demand recordings and conversations from the 2024 Global Threat Intelligence Summit, where you can gain deeper insight into today’s most critical threats.


Key Findings: State of the Threat

  • This 70+ page report comprehensively examines cybersecurity events from July 2023 to the end of June 2024. These events reflect the continued evolution of ransomware and other threat tactics, including significant takedowns of core ransomware groups and the subsequent fragmentation and creation of new groups; AiTM and AI as growing threats; and the continued influence of state-sponsored threat groups and hacktivist activity.
  • Based on insights from customer telemetry, incident response, underground monitoring, proactive threat research, and intelligence relationships, CTU™ research observed the following trends in the threat landscape:

March 2024 saw the highest number of ransomware schemes listing victims. Dwell times remain low, with the shortest observed at just under 7 hours.

Scan-and-exploit and stolen credentials remain top IAVs in ransomware attacks, accounting for nearly 72% of known IAVs.

Adversary in the Middle phishing kits are increasingly used to bypass MFA. Using phishing-proof MFA is now vital.

Law enforcement targeting of ransomware groups caused disruption and fragmentation, prompting new threat actor behaviors.

Hacktivists continue to conduct denial of service or web site defacement campaigns against organizations linked to conflict zones.

State-sponsored threat groups use obfuscation networks, LOTL techniques, and commodity tools to frustrate detection and attribution.

Defense basics (MFA, patching, XDR) remain key. One or more were absent in >50% of Secureworks incident response engagements.

AI lends efficiency more than complexity for cybercriminals, boosting the volume and impact of cyberattacks.

What Informs Secureworks State of the Threat

The Secureworks view of the threat landscape comes from a combination of telemetry from the Taegis platform; incident response and Secureworks Adversary Group customer engagements; privileged source intelligence and industry relationships; dark web surveillance; and technical and tactical research conducted by the CTU, including extensive use of botnet emulations.

Download the report now for a detailed visualization of the threat landscape and actionable, pragmatic advice on how to secure your most valuable business assets.

  • 5 Trillion+ event logs processed by Taegis every week of the year
  • 50K investigations a year via Incident Response and the Taegis platform
  • Unique botnet emulation capabilities, giving us a threat actor’s eye view of the threat landscape