Arctic Wolf Threat Report Highlights Broad Attack, Innovative Tactics

Arctic Wolf, a global leader in security operations, published its annual Arctic Wolf Labs Threat Report. Insights today. The report reveals a year of turbulence within the threat actor community as Russia’s invasion of Ukraine disrupted the operations of top ransomware groups, a lack of multi-factor authentication (MFA) drove business email compromise attacks and the long tail of Log4Shell and ProxyShell continue to be exploited en masse more than a year after their initial disclosure.

Created with global threat, malware, digital forensics and incident response case data that Arctic Wolf collects across the entire security operations framework, the Arctic Wolf Labs Threat Report explores the company’s deep and differentiated view into the cybercrime ecosystem, highlights key threat trends and research from 2022, and makes insightful predictions and strategic cybersecurity recommendations for the year ahead.

Findings of note from the Arctic Wolf Labs Threat Report include:

  • Business Email Compromise (BEC) attacks accounted for over a quarter (29 percent) of Arctic Wolf’s incident response cases last year, with the majority (58 percent) of victim organizations failing to have multi-factor authentication (MFA) enabled.
  • Russia’s invasion of Ukraine significantly disrupted the activity of threat actor groups in both countries and influenced a 26 percent year-over-year decline in observed ransomware cases globally.
  • LockBit established itself as the dominant ransomware group, with the e-crime organization having 248 percent more victims than BlackCat (ALPHV), the second most active group.
  • Despite being initially disclosed in 2021, vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases.

“Arctic Wolf’s global scale and expansive solution set provides Arctic Wolf Labs with access to trillions of weekly security events that not only enable us to deliver positive security outcomes for our customers, through better detections and AI models but also allow us to publish truly novel threat research to the security community-at-large,” said Daniel Thanos, vice-president and head, Arctic Wolf Labs.

“We believe the insight and recommendations contained in the Arctic Wolf Labs Threat Report are essential reading for both IT decision-makers and cybersecurity practitioners looking to better understand the complex threat landscape so that they can best defend their most valuable assets from cyberattacks,” Thanos continued. “Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defenses, which means that organizations need to advance their threat protection beyond the basics to secure their data.”

Arctic Wolf Labs brings together Arctic Wolf’s elite security researchers, data scientists, and security development engineers together with a unified goal to help end cyber risk for organizations around the globe. Leveraging the more than 3 trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches, and analyzes each week, Arctic Wolf Labs is responsible for deliver cutting-edge threat research on new and emerging adversaries and leveraging machine learning and artificial intelligence to create advance threat detection models that drive continuous improvement in the speed, scale, and detection efficacy of Arctic Wolf’s security operations solutions.

For additional insights from the 2023 Arctic Wolf Labs Threat Report, visit arcticwolf.com to download the full report.