These 2 Cyberattacks Are Today’s Nastiest Threats Against Businesses

September 08, 2022

Ransomware and BEC Are the 2 Dominant Cybercrime Menaces

What is the one thing cybersecurity professionals dread the most every day? If your answer is experiencing a cyberattack, then you have guessed right. No business wants to be duped by cybercriminals. Just one attack can result in both financial losses and severe reputational damage. In the aftermath of a cyberattack, it takes some doing for a victimized business to get back on its feet, and some businesses never manage to recover. In fact, about 60% of SMBs go out of business within six months of a cyberattack. 




Low investment & high reward attacks are cybercriminal favorites


Ransomware and BEC have emerged as cybercriminals’ preferred attacks for making serious money. They can also cripple businesses. According to the 2022 Unit 42 Incident Response Report from Palo Alto Networks, ransomware and business email compromise (BEC) were the top cyberattacks that the Incident Response team handled over the past 12 months, accounting for approximately 70% of attacks. The biggest reason cited for the proliferation of these attacks is that ransomware and BEC require little specialized effort and can be largely automated or farmed out, making them a low-investment/high-reward scenario.

Top Cyberattacks H1 2022

Source: Palo Alto Networks




Growing problems haunt IT teams


The modern ransomware and BEC deluge began with the WannaCry outbreak of 2017, and the COVID-19 pandemic added fuel to the fire. As organizations rapidly pivoted to remote work, several gaps emerged in their cyber defenses, enabling cybercriminals to exploit these vulnerabilities to launch ransomware and BEC attacks. Due to the decentralization of endpoints, threat actors can often conduct inconspicuous attacks without getting noticed by the cybersecurity teams of organizations. Additionally, lack of training, the availability of dark web data like credentials, the rise of the Cybercrime-as-a-Service economy on the dark web and the problems presented by legacy systems have also contributed immensely to the increase of ransomware and BEC attacks. The report by Palo Alto Networks also concludes that software vulnerabilities (or outdated software) accounted for 77% of all incidents, alongside poor password security and phishing attacks in the past 12 months.

Cybercriminals made huge amounts of money from BEC and ransomware in 2021. In the U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) 2021 report, we get a look at the financial damage that BEC and ransomware have wrought in the U.S. and it is major. The BEC/EAC category topped the chart for cybercrimes with the biggest victim losses again, with complainants to IC3 suffering a whopping $2,395,953,296 in losses in 2021, 28% higher than 2020’s record total of $1,866,642,107, with 3% more total BEC complaints. IC3 also received 3,729 complaints identified as ransomware in 2021, a 51% increase over 2020. Ransomware was also to blame for losses of more than $49.2 million, a 69% increase over 2020.  

Cybercrimes in 2021 by Victim Loss Total

Source: FBI IC3




Certain industries have higher phishing risk 


BEC and ransomware have something in common: they’re predominantly phishing-based. The more phishing attacks a sector faces, the higher that sector’s risk for ransomware or BEC trouble. Phishing isn’t slowing down, and it’s bringing fresh danger to companies in every sector. However, some industries are under siege more than others. According to Statista, during the first quarter of 2022, an estimated 23% of phishing attacks worldwide were directed toward financial institutions. Additionally, web-based software services and webmail accounted for about 20% of attacks. A separate report by Kroll revealed that the healthcare industry has also been hit hard, experiencing a whopping 90% surge in the number of cyberattacks in Q2 of 2022 when compared with Q1 of 2022.

Source: Statista




Phishing is experiencing explosive growth


As we enter the third quarter of 2022, cybersecurity teams are burning the midnight oil to protect their networks against a plethora of cyber threats. The increased vigilance is necessary because phishing has reached a record high, with more than one million attacks recorded in a single quarter of 2022 for the first time, according to the APWG’s new Phishing Activity Trends Report. Cybercriminals are concentrating their efforts on leveraging advanced tools to launch sophisticated phishing attacks that deliver potentially devastating threats, like ransomware and business email compromise (BEC), to a company’s doorstep daily.

Source: APWG




AI & security automation are key weapons in the war against phishing 


While securing Virtual Private Networks (VPNs), multi-factor authentication (MFA), password managers, and regular security and compliance awareness training are must-haves for an organization’s cyber hygiene, AI-based email security is the star of the hour to stop the barrage of phishing-based cyberattacks. According to research by Help Net Security, 51% of advanced phishing threats are best addressed by AI-based email security. With the growing sophistication of cyberattacks, businesses must detect and prevent embedded ransomware in emails. Unfortunately, employees aren’t a reliable defense against phishing-based cyberattacks because the vast majority of them cannot detect a sophisticated phishing email. 

But AI-based email security solutions are email security game-changers, instantly removing malicious content like links and attachments to protect an organization’s network. AI-based solutions can make smart choices without human intervention by using machine learning to make decisions about the content of messages. More than 40% of companies in an IBM survey cited AI and security automation as a major factor in their success at improving their cybersecurity posture. Plus, AI-based email security solutions don’t cause communication delays, eliminating risky content without hampering the organization’s productivity.




Graphus Catches and Contains Sophisticated Email Threats


Graphus leverages AI and machine learning to put three layers of defense between a phishing email and your organization. With its patented AI technology, Graphus monitors communication patterns between people, devices and networks to reveal untrustworthy emails, making it a simple, powerful, and cost-effective automated phishing defense solution for companies of all sizes. Graphus identifies and blocks a wide variety of threats including social engineering and zero-day attacks to keep businesses safe from even the most sophisticated phishing threats. 

  • Graphus blocks sophisticated phishing messages before users see them.
  • It puts 3 layers of protection between employees and dangerous email messages.
  • It deploys seamlessly to Microsoft 365 and Google Workspace via API, without big downloads or lengthy installs.
  • It provides intuitive reporting to help you gain insights into the effectiveness of your security, level of risks, attack types, and more.