The Asia-Pacific region had the dubious distinction of being the global region that faced the most cyberattacks during 2022, as observed by IBM’s threat intelligence platform.
IBM says the region accounted for 31% of all incidents monitored during 2022, putting it slightly ahead of Europe at 28% and North America at 25%.
The numbers come from an annual report detailing the threat landscape. It finds that Asia-Pacific – specifically Japan – was the epicenter of a spike in Emotet malware that coincided with Russia’s February 2022 invasion of Ukraine. Cybersecurity researchers say cybercriminals took advantage of the war to lure victims into opening malicious attachments. As IBM writes, Emotet is delivered mainly through spam campaigns that use attention-grabbing headlines.
The company observed a drop in Asia-Pacific ransomware activity, attributing the decline to organizations’ increased ability to detect backdoors before ransomware was deployed. Charles Henderson, global head of IBM Security X-Force, said a shift toward detection and response “allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term.”
Henderson warns that the trend may not hold due to attackers’ ability to find new ways to evade detection. The slowdown in ransomware infections did not affect extortion attempts, as threat actors used other ways, such as business email compromise and threats of distributed denial-of-service attacks, to extort victims. In the Asia-Pacific region, extortion was the most common impact of a cyber incident, ahead of threats to brand reputation and data theft.
Threat actors in 2022 also attempted a new tactic to extort organizations: making stolen data more accessible to downstream victims. “By bringing customers and business partners into the mix, operators increase pressure on the breached organization. Threat actors will continue experimenting with downstream victim notifications to increase the potential costs and psychological impact of an intrusion,” IBM says.
Threat actors relied heavily on spear-phishing in 2022 as the initial access vector, but they did not lose sight of vulnerability exploitation, which accounted for one-quarter of cyberattacks worldwide, according to IBM data.
Vulnerability exploitation had a lower impact worldwide than in 2021, when Log4j flaws propelled a 34% increase in exploitation attempts compared to 2020. The technology giant pointed to a 26% reduction in the proportion of known, viable exploits to reported vulnerabilities but warned that threat actors can quickly change the script by exploiting older vulnerabilities that are no longer considered a threat.
One trend IBM noticed was a resurgence in WannaCry ransomware traffic. The ransomware cryptoworm that caused a global high-alert incident in May 2017 spreads by using EternalBlue, a Windows operating system exploit developed by the U.S. National Security Agency. At least some of the WannaCry traffic picked up by IBM was the result of old infections that occurred on unpatched equipment.
“The continued use of older exploits highlights the need for organizations to refine and mature vulnerability management programs, including better understanding their attack surface and risk-based prioritization of patches,” IBM says.