MANILA, 15 August 2022 — According to a new report from Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, the heavy use of software vulnerabilities matches the opportunistic behavior of threat actors who scour the internet for vulnerabilities and weak points on which to focus. The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks' extensive incident response (IR) work, leveraging a sampling of over 600 Unit 42 IR cases, to help chief information security officers (CISOs) and security teams understand the greatest security risks they face, and where to prioritize resources to reduce them.
Oscar Visaya, Country Manager for the Philippines at Palo Alto Networks, shared, “As cybercriminals find more ways to exploit these software vulnerabilities, organizations must take the necessary steps to minimize the risks for the company and its stakeholders. Organizations must ramp up patch management and orchestration to try to close these known holes as soon as possible.”
Ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases. The findings reflect local data of research company Statista in which phishing emerged as the most frequent fraud scheme targeting consumers in the Philippines in Q1 2022.
A new ransomware victim is posted on leak sites every four hours. Identifying ransomware activity early is critical for organizations. Typically, ransomware actors are only discovered after files are encrypted, and the victim organization receives a ransom note. Unit 42 has identified that the median dwell time — meaning the time threat actors spend in a targeted environment before being detected — observed for ransomware attacks was 28 days. Ransom demands have been as high as $30 million, and actual payouts have been as high as $8 million, a steady increase compared to the findings of the 2022 Unit 42 Ransomware Report. Increasingly, affected organizations can also expect threat actors to use double extortion, threatening to publicly release sensitive information if a ransom isn’t paid. In the same report, the Philippines was also discovered as a key target for BlackCat Ransomware which emerged in late 2021.
Cybercriminals used a variety of techniques in business email compromise wire-fraud schemes. Forms of social engineering, such as phishing, offer an easy and cost-effective way to gain covert access while maintaining a low risk of discovery. According to the report, in many cases, cybercriminals are simply asking their unwitting targets to hand over their credentials — and getting them. Once they have access, the median dwell time for BEC attacks was 38 days, and the average amount stolen was $286,000.
“Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks. “Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations”
Palo Alto Networks customers can take advantage of Cortex Xpanse for attack surface management to identify vulnerable internet-exposed systems and can often catch systems that organizations may not be aware are running on the network. Customers also receive protections against the specific vulnerabilities discussed in this post through Cortex XDR, Prisma Cloud, Cloud-Delivered Security Services, and other products.
Unit 42 Incident Response Services
Palo Alto Networks Unit 42 has an experienced team of security consultants with backgrounds in public and private sectors who have handled some of the largest cyberattacks in history. They manage complex cyber risks and respond to advanced threats, including nation-state attacks, advanced persistent threats, or APTs, and complex ransomware investigations. Unit 42 incident response experts are available 24/7 to help clients understand the nature of the attack and then quickly contain, remediate and eradicate it. They utilize a proven methodology and battle-tested tools developed from real-world experiences investigating thousands of incidents.
Further detail on future predictions, tips to stay safe, additional data points and more can be found in the “2022 Unit 42 Incident Response Report,” which can be downloaded on the Palo Alto Networks website. A summary of the report is available on the Unit 42 blog.
About Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.
About Palo Alto Networks
Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.
At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.
Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.