The OpenText Cybersecurity annual report breaks down a broad range of threat activity, offers insight into the trends observed, and discusses wide-reaching impacts for industries, geographies, companies and individuals.
Threat actors doubled down on longstanding tactics while demonstrating innovation with new techniques. One notable trend from the past year was a significant increase in concealing the location of URLs hosting malware and phishing sites.
The percentage of malicious URLs hidden behind a proxy or geolocation-masking service increased 36% year-over-year (YoY). Meanwhile, online cybersecurity threats continue to emerge at an alarming pace. New malicious websites come online daily, while legitimate sites are occasionally compromised and co-opted for nefarious purposes.
“Cyber bad actors, including nation-state players, continue to be persistent, innovative and effective. There is, however, some encouraging news. A decline in malware infections indicates comprehensive security measures are effective,” said Prentiss Donohue, Executive Vice President, OpenText Cybersecurity.
“Cybercriminals are equal opportunity offenders. Acknowledging risks and preparing accordingly with a multilayered approach to protecting data are recommended courses of action for businesses of every size.”
Key highlights from this year’s report include:
- Malware on endpoints continues to decline, down 16.7% YoY
- Rising geopolitical tensions continue to influence malware campaigns
- Manufacturing remains the #1 targeted industry vertical
- In an analysis of high-risk URLs, each malicious domain hosted an average of 2.9 malware URLs, compared to only 1.9 phishing URLs
- Email phishing is the primary vector for infection followed by remote desktop protocol (RDP); RDP was #1 last year
- Over 1 billion unwanted emails classified as phishing
- Spear phishing email traffic increased 16.4% YoY and now accounts for approximately 8.3% of all email traffic
- 55.5% year-over-year increase in HTTPS vs HTTP phishing attacks
- Double extortion from data exfiltration is commonplace in campaigns at a rate of 84%
- Median ransomware payments spiked to almost $200k, up from $70k last year
- Law enforcement crackdowns on ransomware saw some success but have yet to make a large impact on the overall threat ransomware poses
- 28.5% of businesses with 21-100 protected endpoints encountered an infection in 2022
- For businesses between 1-20 endpoints, the rate is 6.4%
- For businesses between 101-500 endpoints the rate rose to 58.7%
- And for 501+ the rate was 85.8%
- The top 50,000 most-active malicious IP addresses originated from 164 countries
- The Netherlands and Germany made it into the top five, along with the US, China and Vietnam
- 40.3% reduction in the number of devices that encountered malware for users who adopted all three layers of protection — Webroot SecureAnywhere, Webroot Security Awareness Training, and Webroot DNS Protection — versus devices using Webroot SecureAnywhere alone
- Data confirms that cyber resilience using a layered defense strategy remains the best defense against today’s cybercrime landscape