The recently published annual Arctic Wolf Labs Threat Report reveals a year of turbulence within the threat actor community as Russia’s invasion of Ukraine disrupted the operations of top ransomware groups, a lack of multi-factor authentication (MFA) drove business email compromise attacks, and the long-tail of Log4Shell and ProxyShell continues to be exploited en masse more than a year after their initial disclosure.

Created with global threat, malware, digital forensics and incident response case data collected by Arctic Wolf across the entire security operations framework, the report highlights key threat trends and research from 2022, and makes predictions and strategic cybersecurity recommendations for the year ahead.

“We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape so that they can best defend their most valuable assets from cyberattacks,” said Daniel Thanos, vice-president and head, Arctic Wolf Labs. “Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defenses, which means that organizations need to advance their threat protection beyond the basics to secure their data.”

Key highlights from the report include:

  • Business Email Compromise (BEC) attacks accounted for 29% of Arctic Wolf’s incident response cases last year, with the majority (58%) of victim organizations failing to have multi-factor authentication (MFA) enabled.
  • Russia’s invasion of Ukraine significantly disrupted the activity of threat actor groups in both countries and influenced a 26% year-over-year decline in observed ransomware cases globally.
  • LockBit established itself as the dominant ransomware group, with the e-crime organization having 248% more victims than BlackCat (ALPHV), the second most active group.
  • Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases.