Backdoors, Ransomware, Extortion: 2022 Cyber Threat Trends
Key Points
- Back doors topped X‑Force’s 2022 incident actions, accounting for 21 % of cases, and are increasingly used as the foothold for ransomware attacks, which remain the second‑most common threat (17 %).
- Thread‑hijacking attacks—where attackers compromise email accounts and impersonate victims in ongoing conversations—doubled in frequency compared with 2021, enabling broader credential and data theft.
- Extortion impacted over a quarter of all attacks in 2022, with manufacturing being the most targeted sector (30 % of incidents), highlighting the rise of victim‑pressure schemes that exploit customers and partners as pawns.
- Although the number of disclosed vulnerabilities hit a record high, the proportion of weaponised exploits relative to reported vulnerabilities dropped by more than 9 % from 2018 to 2022. Threat actors still have access to nearly 78 000 known exploits and often use old (3‑ to 5‑year‑old) ones, underscoring the need for strong passwords, MFA, and proactive cyber‑range simulations.
**Source:** [https://www.youtube.com/watch?v=PsT2joRNvpI](https://www.youtube.com/watch?v=PsT2joRNvpI)
**Duration:** 00:04:31
Sections
- [00:00:00](https://www.youtube.com/watch?v=PsT2joRNvpI&t=0s) **Backdoors Driving Ransomware Threats** - The segment highlights how back‑door malware, now accounting for 21 % of incidents, is the primary vector enabling ransomware attacks, while thread‑hijacking email catfishing and extortion emerge as rapidly growing tactics in the 2022 X‑Force threat intelligence index.
Full Transcript
What do back doors, ransomware, catfishing, extortion and exploitation have in common? They are some of the top trends we identified in this year's X-Force Threat Intelligence Index.
Attackers followed the money, and right now persistent access to corporate environments goes for a lot of money on the dark web, making back doors a profitable commodity for attackers. Representing 21 percent of cases, back doors, which are malware offering attackers remote access to compromised systems, were the most common action observed in incidents in 2022, knocking out ransomware, which held the top spot since 2020. Attackers often use back doors or persistent access to execute ransomware attacks.
Unless more businesses put their defenses on the offense, today's backdoor problem will turn into tomorrow's ransomware crisis.
Representing 17 percent of attacks worldwide, ransomware was the second most common action observed in 2022. An X-Force study revealed that while there's been a slight decline in the prevalence of ransomware, attacks took up 94 percent less time over the last few years.
Thread hijacking attempts doubled compared to 2021. Thread hijacking, another form of catfishing, is when an attacker compromises a victim's email account and replies to a recent email thread, impersonating the victim. By hijacking an email thread, adversaries can trick a target's friends, family, even co-workers into providing access to sensitive information, data or systems, creating a chain reaction with multiple victims.
Extortion is a battle-tested technique that exerts pressure levers to inflict maximum pain on a victim organization, and the latest scheme is involving customers and business partners as pawns. Extortion was the top impact observed in 2022; more than one quarter of attacks involved some form of extortion. For the second year in a row, manufacturing was the most extorted industry. Extortion accounted for 30 percent of incidents in manufacturing and 27 percent in all industries.
Even as the number of vulnerabilities disclosed hit another record high, the proportion of weaponized exploits to reported vulnerabilities has been trending down. From 2018 to 2022, exploits relative to vulnerabilities dropped by more than nine percent. Attackers have access to nearly 78 000 known exploits, making it easier to use an existing exploit left unpatched rather than investing time and resources into developing a new one. In 2022, X-Force observed several incidents resulting from three- to five-year-old exploits. So what can you do?
Use adversary simulation to understand an attacker's view of both known and unknown risks. This can help organizations take preventative measures before an incident happens. Take steps to protect yourself from thread hijacking, such as using strong and unique passwords and enabling multi-factor authentication. For organizations that have a low threshold for downtime, they need to have a proactive cyber security strategy, including active threat assessment, playbooks and other cyber range activities.
And remember to operate under the assumption of an assumed breach: assume an attacker already has access to your environment and is moving around. Be proactive, not reactive. Stop focusing on the perimeter; start focusing on detection and response.
prioritize your security
and when