Nearly half of all breaches during first half of 2022 involved stolen credentials - report

Acronis has released its mid-year cyberthreats report, detailing trends the business is tracking

Cyber attackers sent hundreds of malicious emails during the first half of 2022 as nearly 50 per cent of all breaches in the period involved stolen credentials.

That is according to Acronis, which says cybercriminals are increasing their focus on MSPs and their network of SMB customers.

The cybersecurity company has released its mid-year cyberthreats report, detailing trends the business is tracking.

It found that nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns.

Figures show 600 malicious email campaigns made their way across the internet in the first half of the year, with 58 per cent of them phishing attempts.

Another 28 per cent of those emails featured malware.

"The business world is increasingly distributed, and in Q2 2022, an average of 8.3 per cent of endpoints tried to access malicious URLs," Acronis said.

"To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors.

"Moreover, the research reveals how cybercriminals also use malware and target unpatched software vulnerabilities to extract data and hold organisations hostage."

It says companies like Microsoft, Google, and Adobe have emphasised software patches and transparency around publicly submitted vulnerabilities.

Acronis believes these patches likely helped stem the tide of 79 new exploits each month.

It also found more cybercriminals are focusing on cryptocurrencies and decentralised finance (DeFi) platforms, with figures showing cyberattacks have contributed to a loss of more than $60bn in DeFi currency since 2012.

"Successful breaches using these various routes have resulted in the loss of billions of dollars and terabytes of exposed data," Acronis said.

It's VP of cyber protection research Candid Wüest felt cyberthreats are "constantly evolving and evading traditional security measures".

He added: "Organisations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions."