The habits of threat actors have shifted over the last few years, according to new research. Insights from an Arctic Wolf threat report reveal a year of turbulence within the threat actor community as Russia’s invasion of Ukraine disrupted the operations of top ransomware groups and a lack of multi-factor authentication (MFA) drove business email compromise attacks.

The report combines global threat, malware, digital forensics and incident response case data. Findings of note from the report include:

Business email compromise (BEC) attacks accounted for over a quarter (29%) of analyzed incident response cases last year, with the majority (58%) of victim organizations failing to have multi-factor authentication (MFA) enabled.

Russia’s invasion of Ukraine significantly disrupted the activity of threat actor groups in both countries and influenced a 26% year-over-year decline in observed ransomware cases globally.

LockBit established itself as the dominant ransomware group, with the e-crime organization having 248% more victims than BlackCat (ALPHV), the second most active group.

Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for analyzed incident response cases.