Asia-Pacific was the most-attacked geography worldwide in 2022, ahead of Europe, North America, Latin America, Middle East and Africa, according to IBM Security’s annual X-Force Threat Intelligence Index.

The Asia-Pacific region, specifically Japan, was the epicentre of the Emotet spike in 2022, which coincided with Russia’s invasion of Ukraine. Spam campaigns were identified across several industries, with most cases occurring in manufacturing, finance and insurance.  

Manufacturing topped the list of attacked industries in this region, accounting for 48% of cases, with finance and insurance a distant second at 18%. Spear phishing by attachment was the top infection vector at 40% across this region, followed by exploiting public-facing applications at 22%. Cases of external remote services and spear phishing links tied for third place at 12%.

Deployment of backdoors was the most common action on objective, seen in almost one-third (31%) of cases. Ransomware placed second at 13% and maldocs third at 10%. Extortion was the most common impact, observed in 28% of cases. Impact to brand reputation was in second place at 22% and data theft was in third place with 19%.

X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data, which can sell for less than $10 today.

“The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain, tempering ransomware’s progression in the short term,” IBM Security X-Force head Charles Henderson said.

“But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”

The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. Europe was the most targeted region for this method, representing 44% of extortion cases observed, as threat actors sought to exploit geopolitical tensions.

Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% compared to 2021 data.

The proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022, because the number of vulnerabilities hit another record high in 2022. The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.