Rethinking Tactics: 2022 Annual Cybersecurity Report

The year 2022 was defined by volatile political conflict and economic instability. The war in Ukraine and the escalating events surrounding the conflict sent shockwaves throughout the globe. For many governments, major enterprises, and even smaller organizations, there were disrupted supply chains, setbacks in critical multinational industries, and economic repercussions. Like many organizations operating in this unstable environment, cybercriminals groups tried to adapt and carry on as usual. In our report on the security landscape of the past year, we show how groups adjusted to modernized enterprise security, shifted to more lucrative corporate targets, and focused on new ways to access victims’ networks.

In the following sections, we discuss corporate tactics that cybercriminals use to keep their business successful amid declining revenue. We dive into ransomware groups specifically and show how modern groups are taking hints from legitimate businesses when it comes to image management and corporate programs.

We also look at the state of vulnerabilities, especially how threat actors entered networks in 2022. We saw that access is key. No matter what type of malicious actor, gaining initial access into a victim’s network is a necessity. These groups learn from each other, and often move in the same manner, just with different end goals. One major security move in 2022 was Microsoft’s decision to block the execution of macros in their Office documents. We look at how this affected threat actor’s initial access tactics, and how criminal groups have adjusted to this move.

Calling back to our mid-year security report, we saw how the attack surface continued to expand, allowing threat actors more avenues for access. We also saw how enterprise patches seemed to be less effective in 2022, an added factor to recurring cybersecurity problems plaguing businesses. Looking deeper into enterprise security, we investigated weak points in serverless computing security since many cloud service providers (CSPs) have been quick to adopt this technology. The past year also saw a rise in malicious actors targeting cloud infrastructure for their cryptocurrency mining, trying to take over more resources for more lucrative mining activities.

This is particularly critical in a time where there is a shortage of cybersecurity experts — many organizations are still seeking skilled security professionals. According to a report by consultation firm McKinsey, there were 3.5 million cybersecurity positions still open1 in the first quarter of 2022. We hope that existing security teams, enterprise leaders, and others can use the information presented in this report to harden their cybersecurity defenses against present threats. A robust and extensive security strategy should be a priority as the attack surface continues to expand and threat actors continue to grow more sophisticated.