Press release
Palo Alto Networks Unit 42 Incident Response Report Reveals that Phishing and Software Vulnerabilities Cause Nearly 70% of Cyber Incidents
The 2022 Unit 42 Incident Response Report reveals trends, future implications and offers recommendations based on data gathered from a year's worth of
About this update from Palo Alto Networks, Inc.
[{"type":"text","content":"The 2022 Unit 42 Incident Response Report reveals trends, future implications and offers recommendations based on data gathered from a year's worth of investigations\nSANTA CLARA, Calif., July 26, 2022 /PRNewswire/ -- According to a new report from Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, the heavy use of software vulnerabilities matches the opportunistic behavior of threat actors who scour the internet for vulnerabilities and weak points on which to focus. The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks extensive incident response (IR) work, leveraging a sampling of over 600 Unit 42 IR cases, to help CISOs and security teams understand the greatest security risks they face, and where to prioritize resources to reduce them.\nIn the report, Unit 42 identified that finance and real estate were among the industries that received the highest average ransom demands, with an average demand of nearly $8 million and $5.2 million, respectively. Overall, ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases.\n\"Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,\" said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks. \"Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations:\nKey trends covered in the report include:\nRansomwareA new ransomware victim is posted on leak sites every four hours. Identifying ransomware activity early is critical for organizations. Typically, ransomware actors are only discovered after files are encrypted, and the victim organization receives a ransom note. Unit 42 has identified that the median dwell time — meaning the time threat actors spend in a targeted environment before being detected — observed for ransomware attacks was 28 days. Ransom demands have been as high as $30 million, and actual payouts have been as high as $8 million...