Ransomware remains the primary type of cyberattack targeting organizations, but the ransomware attack vector has shifted in 2022.

The State of the Threat Report from Secureworks found that cyber vulnerability exploitation in remote services has become the primary initial access vector (IAV) in ransomware attacks over the past year, accounting for 52% of ransomware incidents and overtaking the top spot from credential-based attacks from 2021.

Ransomware continues to remain the primary threat facing organizations, accounting for more than a quarter of all attacks, according to the report. The median detection window for ransomware in 2022 is four and a half days, compared to five days in 2021. The mean dwell time in 2021 was 22 days, but so far in 2022 is down at 11 days.

The exploitation of vulnerabilities in internet-facing systems has become the most common initial access vector observed. This is a change from 2021, when the dominant IAV was the use of stolen or guessed credentials.

As new vulnerabilities are discovered, developers of widely available offensive security tools used by threat actors are quick to incorporate new vulnerabilities into their tools, often meaning that even less sophisticated threat actors are able to exploit new vulnerabilities before security teams can patch.

For more cyber threat information, read the report.