Phishing 'gains momentum' as top cyberattack method in 2022: Coalition

By Erin Ayers, Advisen

Just one unpatched software vulnerability can increase the likelihood of experiencing a cyber incident by 33%, according to Coalition’s 2023 Claims Report, which also highlighted employee mistakes as “the greatest contributing factor” to cyber insurance claims.

“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures - these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s head of claims. “Unfortunately, that’s why human inaction, such as not patching a publicized critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim.”

Coalition offered a few examples of the type of risk vulnerabilities created. Small firms running on-premises Microsoft Exchange were nearly twice as likely to experience an attack, while larger businesses using on-premises Microsoft Exchange saw more than double the risk.

In another example, large businesses using devices with unpatched services from security vendor Fortinet, which had several critical vulnerabilities in 2022, saw three times as many claims as businesses not using those devices. In one case, Coalition noted, a manufacturer did not heed the warning to remediate a Fortinet vulnerability and faced a $1 million ransom demand as a result.

“After a painful eight days of disruption, the manufacturer was able to resume operations, but not before incurring significant financial losses,” Coalition said.

Exploited public-facing vulnerabilities were the second-most commonly cause of cyber events but fell far behind phishing attempts, which caused 76% of reported cyber events in 2022. Phishing-related claims increased 29% in the second half of 2022 alone, Coalition found.

The firm attributed some of the rise to cybercriminals’ use of artificial intelligence tools to write more convincing emails in multiple languages.

“Phishing became a fixture of everyday life as hackers attempted to trick employees to gain access to critical systems. The onslaught of emails, text messages, and voicemails was irritating, yet highly effective,” said Coalition in the report.

Phishing can lead to a variety of cyberattacks that leverage stolen credentials or mistakenly authorized access, including funds transfer fraud (FTF) and business email compromise (BEC). It also has one of the simplest prevention methods: multi-factor authentication, according to Coalition.

“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organization’s network because it provides the person protection even when security is not top of mind. For many of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” Lyle said.

The report also revealed overall claim frequency dropped 22% from 2021 to 2022, with a 54% year-over-year decrease in ransomware claims. Ransom demands dropped 17.5% from $1.2 million in 2021 to $1 million in 2022.

Although claim frequency dropped, claim severity ticked up 7% to an average of $169,000, according to the report.

Funds transfer fraud replaced ransomware as the top cause of loss, but FTF claim frequency also decreased slightly in 2022 following a 23% rise in 2021. Severity for FTF claims moderated in 2022, after a 68% increase the year before.

The average amount lost to FTF dropped 36% to $212,000 and Coalition also reported successful recovery of 66% of funds lost to this type of scam. However, the average amount of time hackers lurked in systems nearly doubled to 42 days from 24 days in 2021.

Managing Editor Erin Ayers can be reached at erin.ayers@zywave.com.