Cybercriminals used over 500 attack tools in 2022


By Dylan Bushell-Embling
Wednesday, 03 May, 2023

Cybercriminals are using an ever-expanding range of tools and attack techniques to infiltrate their victims’ networks, making defending against the attacks much more difficult, according to Sophos.

A new report published by the company, analysing more than 150 Sophos Incident Response cases, identified more than 500 unique tools and techniques used during the security incidents.

Sophos Field CTO John Shier said unpatched vulnerabilities are the most common root cause of attackers gaining initial access to targeted systems, followed by compromised credentials.

“Today’s attackers aren't breaking in, they’re logging in. The reality is that the threat environment has grown in volume and complexity to the point where there are no discernible gaps for defenders to exploit,” he said.

“For most organisations, the days of going at it alone are well behind them. It truly is everything, everywhere, all at once. However, there are tools and services available to businesses that can alleviate some of the defensive burden, allowing them to focus on their core business priorities.”

The report also found that more than two-thirds of attacks investigated (68%) involved ransomware, demonstrating that ransomware is still one of the most pervasive threats for companies.

But at the same time, attacker dwell time in a compromised network decreased from 15 days to 10 days in 2022, with dwell time for ransomware attacks decreasing from 11 to 9 days. The dwell time for other types of attacks fell from 34 days in 2021 to just 11 days in 2022.

“Organisations that have successfully implemented layered defences with constant monitoring are seeing better outcomes in terms of attack severity,” Shier said.

“The side effect of improved defences means that adversaries have to speed up in order to complete their attacks. Therefore, faster attacks necessitate earlier detection. The race between attackers and defenders will continue to escalate and those without proactive monitoring will suffer the greatest consequences.”


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd