OpenText has just released the results of the OpenText Cybersecurity Threat Report 2023 which explores the latest threats and risks to the small and medium business (SMB) and consumer segments. Powered by the BrightCloud Threat Intelligence Platform, OpenText Cybersecurity’s annual report breaks down a wide range of threat activity, offers insight into observed trends, and discusses far-reaching impacts for industries, countries, businesses and individuals.
Threat actors have doubled down on their longstanding tactics while being innovative with new techniques. One of the notable trends of the past year is the significant increase in concealment of the location of URLs hosting malware and phishing sites. The percentage of malicious URLs hidden behind a proxy or geolocation cloaking service increased by 36% year over year. At the same time, online cybersecurity threats continue to emerge at an alarming rate. New malicious websites are uploaded daily, while legitimate sites are sometimes compromised and co-opted for malicious purposes.
“Cybercriminals, including states, are as active, innovative and effective as ever. There is, however, encouraging news. The decline in malware infections indicates that overall security measures are working,” said Prentiss Donohue, vice president. -Executive Chairman of OpenText Cybersecurity. Recognizing the risks and preparing accordingly with a multi-layered approach to data protection are recommended courses of action for businesses of all sizes.”
The main points of the 2023 report
Malware
- Malware on endpoints continues to decline 16.7% year over year.
- Yet growing geopolitical tensions continue to influence malware campaigns.
- The manufacturing industry remains the first vertical target
- Analyzing the high-risk URLs, we find that on average, each malicious domain hosts 2.9 malware URLs, compared to only 1.9 phishing URLs.
Phishing
- Phishing email is the main infection vector, followed by Remote Desktop Protocol (RDP); RDP was the leading infection vector last year.
- Over a billion unwanted emails are classified as phishing emails.
- Spear phishing email traffic grew by 16.4% and now accounts for approximately 8.3% of all email traffic.
- 55.5% increase in phishing attacks over HTTPS compared to http
Ransomware
- Double extortion through data exfiltration is common in campaigns, with an 84% rate.
- The median amount of payments made for ransomware has risen from $70,000 last year to almost $200,000.
- Ransomware crackdowns have had some success, but have yet to have a significant impact on the overall ransomware threat.
Infection rate
- 28.5% of companies with 21 to 100 protected access points were affected by an infection in 2022.
- For companies with between 1 and 20 endpoints, the rate is 6.4%.
- For companies with between 101 and 500 endpoints, the rate increased to 58.7%.
- And for 501+, the rate is 85.8%.
Geographical distribution
- The 50,000 most active malicious IP addresses come from 164 countries.
- The Netherlands and Germany are among the top five countries, along with the United States, China and Vietnam.
Multi-layered defense
- 40.3% reduction in the number of devices that encountered malware for users who adopted all three layers of protection – Webroot SecureAnywhere, Webroot Security Awareness Training and Webroot DNS Protection – compared to devices using only Webroot SecureAnywhere.
- The data confirms that cyber resilience using a layered defense strategy remains the best defense against today’s cybercrime landscape.
Discover the full 2023 OpenText Cybersecurity Threat report: 2023 Threat Report.