Average cost of data breaches expected to surpass US$5 million per incident in 2023

By the end of Q3, the total number of compromised targets published for the main operators in 2022 were as follows:

• LockBit - 1157
• Hive - 192
• BlackCat - 177
• Black Basta - 89

As the main threat actors continue to professionalise their operations, Acronis notes a shift towards more data exfiltration, with most of the large players expanding their targets to macOS and Linux systems, and consideration of cloud environments.

The report also found that phishing attacks and malicious emails are the most effective methods used in data breaches.

See also: Younger consumers in Singapore more receptive towards AI agents

Social engineering attacks jump in the last four months of 2022, accounting for 3% of all attacks. Leaked or stolen credentials – which allow attackers to easily execute cyberattacks and ransomware campaigns – were the cause of almost half of all reported breaches in the first half of 2022.

Besides that, Acronis continues to observe and warn both businesses and home users that new zero-day vulnerabilities and old unpatched ones are the top vector of attack to compromise systems. For instance, a phishing campaign targeted Microsoft users in September by using the news coverage of the passing of Queen Elizabeth II and impersonating "the Microsoft team" to bait recipients into adding memo text onto an online memorial board in September.

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts. Organisations must prioritise all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are constantly evolving their methods, now using common security tools against us – like multi-factor authentication that many companies rely on to protect their employees and businesses,” says Candid Wüest, Acronis VP of cyber protection research.