7 Cybercrime Trends That Impact 2022 Security
Be Ready for What’s Next By Watching These 7 Cybercrime Trends
The growth and evolution of cybercrime in the last year has been rapid. Major cyberattacks, like malware and business email compromise, are more frequent and more expensive than ever. Phishing continues to become more sophisticated and harder to detect while nation-state cybercrime is expanding its scope, menacing businesses in every sector. This surge of cyber risk has created complex challenges for IT professionals. Building strong, resilient defenses that are ready to handle anything has never been more important and a good defense starts with good threat intelligence. That includes being aware of the trends that shaped today’s picture to see how they’ll shape tomorrow’s.
Excerpted in part from The Global Year in Breach 2022. DOWNLOAD IT>>
Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>
7 Cybercrime Trends to Follow
These trends shaped the risk landscape in 2021 and we anticipate they will continue to exert a strong influence in 2022.
1. Nation-state cyberattacks are escalating
Today’s nation-state threat actor isn’t just concentrating their fire on government and military targets. Instead, they’re coming for private enterprises of all sizes. An estimated 90% of nation-state cybercriminal groups regularly conduct operations against enterprises.
| Targets of nation-state cyberattacks | % of total attacks recorded |
| Enterprises | 35% |
| Cyber Defense Assets | 25% |
| Media & Communications | 14% |
| Government Bodies | 12% |
| Critical Infrastructure | 10% |
| Other | 4% |
Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit
In the 2021 Microsoft Digital Defense Report, the company shared valuable insight on the activities of nation-state cybercriminals in 2021 and how their attack patterns are evolving, offering a look at what to expect as 2022 progresses.
- The four major players that threaten businesses the most are Russia, Iran, North Korea and China.
- About 58% of all nation-state attacks in 2021 were launched by Russian nation-state actors.
- Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021.
- Over 70% of nation-state attacks these researchers observed targeted enterprises.
Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>
2. Spoofing and brand fraud are growing
As the pandemic raged on, ever-rising volumes of email traffic due to the powerful combination of a shift to remote work and the increasing sophistication of phishing messages gave rise to brand impersonation woes. The number of domains suspected of some degree of brand impersonation rose by more than 360% since 2020.
The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation, clocking in 15 times higher in 2021 than it did in 2020. Employees encounter this threat frequently – 25% of all branded emails that companies receive are spoofed or brand impersonation attempts.
Most imitated brands of 2021
- DHL 23%
- Microsoft 20%
- WhatsApp 11%
- Google 10%
- LinkedIn 8%
- Amazon 4%
- Roblox 3%
- FedEx 3%
- PayPal 2%
- Apple 2%
- Other 14%
Source: ZDNet
Considering a new dark web monitoring solution? This eBook helps you find the right one for your organization. GET EBOOK>>
3. More attacks on manufacturing and industry
Make no mistake, manufacturing and industry are firmly in cybercriminal sights. A whopping 80% of organizations in those sectors reported that they experienced a ransomware attack in 2021.
Which industrial targets were attacked the most in 2021?
| Industry | % of Total |
| Manufacturing | 61% |
| Oil & Gas | 11% |
| Transportation | 10% |
| Utilities | 10% |
| Mining | 7% |
| Heavy & Civil Engineering | 1% |
Source: IBM X-Force Threat Intelligence Index 2021
Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>
4. Attacks on infrastructure are accelerating
The U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) reports that U.S. organizations in 14 of 16 critical infrastructure categories experienced at least one ransomware attack in 2021.
Number of attacks on infrastructure sectors
| Sector | Number of reported attacks |
| Healthcare and Public Health | 48 |
| Financial Services | 89 |
| Information Technology | 74 |
| Critical Manufacturing | 65 |
| Government Facilities | 60 |
| Commercial Facilities | 56 |
| Food and Agriculture | 52 |
| Transportation | 38 |
| Energy | 32 |
| Communications | 17 |
| Chemical | 12 |
| Water and Wastewater Systems | 4 |
| Emergency Services | 2 |
| Defense Industrial Base | 1 |
Source: FBI IC3
Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>
5. The number of ransomware attacks ballooned
FBI analysts disclosed that IC3 received more than 2,000 ransomware complaints, with more than $16 million in losses — a 20% increase in reported losses compared to the same period in 2020. That trend is set to continue with no end in sight. Since 2020, the United States incurred a 127% increase in the number of ransomware attacks while the United Kingdom exhibited a 233% surge in ransomware infections.
Biggest percentage increase in ransomware attacks (by industry) in the U.S. in 2021
| Industry | % increase in ransomware attacks |
| Government and Public Sector | 1,885% |
| Healthcare | 775% |
| Education | 152% |
| Retail | 21% |
Source: Fortune Magazine
Some industries had it a little bit harder than others. Banking and Finance got absolutely hammered in Q1 and Q2 2021, with a 1,318% increase in the number of ransomware attacks waged against that sector. That pressure leveled off in the second half of the year. Ultimately, almost one-quarter of attacks in 2021 were aimed at banking and finance targets.
The top 10 industries for ransomware attacks
| Industry | % of total recorded attacks in 2021 |
| Banking and Finance | 22% |
| Utilities | 20% |
| Retail | 16% |
| Education | 9% |
| Government | 8% |
| Industrial | 4.8% |
| Outsourcing and Hosting | 4% |
| Construction | 3.6% |
| Insurance | 3% |
| Wholesale | 1% |
| Other | 8.6% |
Source: Trellix
A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>
6. Ransom demands are rising
Cybercriminals have upped their prices, notching new record-high ransom demands. In 2021, the average paid ransom amount increased by 82% to a new record high average ransom demand of $570,000, compared with just $170,000 in 2020.
Ransoms paid in 2021
| Amount | % of total recorded |
| $10 – $50 million | 19% |
| $2 – $10 million | 46% |
| Less than $2 million | 35% |
Source: IBM
Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>
7. The cost of a data breach is the highest in nearly two decades
A data breach is more expensive than it has ever been. In the IBM/Ponemon Cost of a Data Breach Report 2021, researchers pegged the average cost of a breach at $4.2 million per incident — 10% higher than in 2020 and the highest recorded in the 17 years of the study. If a data breach was caused by a remote worker, that cost rose by another $1.5 million.
The top 5 industries by average total data breach cost
| 2020 | 2021 | |
| Healthcare | $7.13 million | $9.23 million |
| Financial | $5.72 million | $5.85 million |
| Pharmaceuticals | $5.04 million | $5.06 million |
| Technology | $4.88 million | $5.04 million |
| Energy | $4.65 million | $6.35 million |
Source: IBM
Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>
Reduce The Risk of These 7 Cybercrime Trends Impacting You
ID Agent offers two powerhouse solutions that can help organizations lower their risk and build strong defenses against today’s biggest cybercrime risks by educating employees and closing security gaps, setting them up for security success.
Security and Compliance Awareness Training
BullPhish ID is the ideal affordable security and compliance awareness training solution for companies of any size.
- Gain access to a huge library of security and compliance training videos in 8 languages with quizzes to measure retention – and 4 new video lessons are added a month
- Run phishing simulations easily using plug-and-play or customizable phishing training campaign kits with new kits released regularly
- Automate the delivery of training and the generation and delivery of reports to stakeholders
Dark Web Monitoring
Dark Web ID makes it easy for companies to reduce their dark web credential compromise risk.
- Uncover all of an organization’s exposed credentials in minutes
- Gain peace of mind against credential exposure with 24/7/365 monitoring using real-time, analyst validated data
- Enjoy fast alerts to compromises of business and personal credentials, including domains, IP addresses and email addresses
Schedule your demo of Dark Web ID and BullPhish ID now.
Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!