Posted on January 16, 2023.

Ransomware attacks and business email compromise remain two of the biggest cyber security threats that businesses must face in 2023.

The average cost of a data breach rose again in 2022, according to IBM. A data breach in the United States typically now costs more than $9.4 million. Cyber attackers spared no one in 2022, successfully breaching public utilities, government networks, small businesses and S&P 500 companies.

All signs indicate that these malicious actors will keep up the pressure in the new year, underscoring the need for businesses to harden their security infrastructure and business processes. We’ll review the state of ransomware attacks and business email compromise in 2023 below.

What is ransomware?

Ransomware is malicious software that blocks access to a computer system or its data until a sum of money is paid. It often appears as an email attachment, but ransomware can also be embedded in websites, downloaded through links and even delivered via SMS messaging.

These attacks are typically coordinated among ransomware groups. Ransomware groups are loosely distributed networks, so it can be difficult for law enforcement agencies to root them out. The groups often target businesses and organizations, which have more money at stake than private individuals.

There were a number of notable ransomware attacks in 2022. Costa Rica's ministry of finance and social security funds were hit by successive attacks in April and May from two separate groups. The second attack forced the government to take its healthcare systems offline in order to respond to the threat, which disrupted care for everyday citizens.

In February, attackers reported that they had successfully exfiltrated 1 terabyte of data from Nvidia, the largest microchip manufacturer in the United States. The group behind the attack had a series of unusual demands, including feature requests for certain chips.

Earlier in January, ransomware attackers forced the government of Bernalillo County, New Mexico to take all of its systems offline. This included a jail. Shutting down the computer systems at the jail caused the electronic locking mechanisms on its cell doors to fail, and jail officials had to scramble to find a solution, which involved severely restricting the movement of inmates.

What is business email compromise (BEC)?

The weak point of any business is often not its technical infrastructure or its software, but rather its people. Business email compromise (BEC) is an increasingly common form of social engineering attack.

The goal of these attackers is typically to gain access to sensitive information or financial accounts and either directly steal funds or leverage confidential data. BEC attacks are usually hard to detect because they’re based on an attacker impersonating an executive or third-party vendor and sending convincing messages that appear legitimate.

In a BEC situation, it doesn’t matter how effectively an enterprise has hardened its technical infrastructure. If someone at the business clicks on a link or responds to a convincing email, that might be all the attacker needs to gain access.

In March 2022, attackers socially engineered Mailchimp employees into handing over the credentials of 319 customer accounts. The attackers exported the mailing lists of 102 of those accounts and sent phishing emails to the addresses on them, which caused a number of “downstream” issues. In one example, the attackers sent phishing emails to customers of the cryptocurrency wallet Trezor, which allowed the attackers to hijack the customers’ wallets.

Later that year, in a twist on the typical business email compromise scenario, attackers used SMS to compromise the telecommunications API provider Twilio, exposing the sensitive data of around 1,900 customers.

Ransomware attacks slow in late 2022, but remain a looming threat

After a very active start to the year, ransomware attacks declined by 10.5% in Q3, according to the threat intelligence company Digital Shadows. The company credits the drop in ransomware activity to a few factors, but primarily the dissolution of the Conti ransomware group, once the most prolific ransomware network globally.

Although no single group has stepped up to take Conti’s place in the ransomware ecosystem, Digital Shadows reports that 12 new data leak sites sprang up in Q3. This hints that while we might be seeing a lull in ransomware attacks for now, it might be short-lived.

Business email compromise continues to rise throughout 2022

Researchers from the cloud security firm Abnormal Security reported a 150% rise in business email compromise cyberattack attempts in 2022.

No industry was spared from BEC attempts, but advertising and marketing agencies were at the highest risk. Those companies have an 83% chance of being the recipient of a BEC attack in any given week.

Whereas ransomware typically involves high-profile attacks, small businesses were at the highest risk of BEC attacks in 2022. Organizations with fewer than 5,000 employees averaged 1.65 attacks per 1,000 mailboxes, according to Abnormal Security.

In contrast, organizations with more than 50,000 employees received just 0.45 BEC attacks per 1,000 mailboxes. This indicates that attackers aren’t picky about the targets they choose with BEC and that they might even prefer smaller businesses.

Benefits of hardening your cyber security posture

As the old adage goes, “if you fail to prepare, prepare to fail.” Businesses can take steps to protect themselves against ransomware and BEC attacks, including:

  • Educating employees about the threats and training them on information security best practices.
  • Implementing practices like multi-factor authentication (MFA) to prevent credential theft and unauthorized access to sensitive data.
  • Regularly backing up data that could be compromised in an attack.

By taking these measures — and others — enterprises can harden their cybersecurity posture and reduce their risk of ransomware or business email compromise attacks.

Taking the steps above can also pay financial dividends. The conditions for acquiring cyber insurance typically include having implemented the processes outlined above, so putting them in place can save you some additional money. If your business or organization needs help hardening its defenses, contact us for a quick, no-hassle review of your cybersecurity posture.