In a 2023 study, it was found that attackers’ most frequent action last year was installing backdoors that enable remote access to systems. Nearly 67% of these backdoor incidents were linked to ransomware attacks, and in many cases, the backdoor was detected by defenders before the ransomware could be delivered. The increasing use of backdoor deployments is partly attributed to their high market value. According to X-Force, threat actors have been selling existing backdoor access for as much as $10,000, compared to stolen credit card data which may sell for less than $10 today.

“The change toward detection and response has helped defenders to block adversaries earlier in the attack chain, limiting ransomware’s advancement in the short term,” Charles Henderson, Head of IBM Security X-Force, stated. “But, it is only a matter of time until today’s backdoor issue turns into tomorrow’s ransomware nightmare. Attackers are always devising new methods to avoid detection. Excellent defence is no longer sufficient. Businesses must implement a proactive, threat-driven security approach to break away from the never-ending rat race with attackers.”

The IBM Security X-Force Threat Intelligence Index monitors new and current trends and attack patterns, gathering information from billions of data points from network and endpoint devices, incident response engagements, and other sources.


Among the significant conclusions of the 2023 study are the following:

Threat actors’ preferred method is extortion.

In 2022, the most significant consequence of cyberattacks was extortion, which was often carried out through ransomware or business email phishing attacks. Threat actors attempted to take advantage of geopolitical tensions, and as a result, Europe was the primary target for this tactic, accounting for 44% of the detected extortion incidents.

Cybercriminals use email conversations as a weapon.

In 2022, thread hijacking increased significantly as attackers impersonated original participants and replied within existing conversations using hacked email accounts. According to X-Force, monthly attempts to hijack threads increased by 100% compared to 2021.
Furthermore, despite the number of vulnerabilities reaching an all-time high, legacy exploits still remained active. However, between 2018 and 2022, the proportion of known exploits relative to vulnerabilities decreased by 10 %. The findings suggest legacy exploits allowed prior malware attacks like WannaCry and Conficker to persist and propagate.

Extortion Pressure Is Being Used (Unevenly)

Cybercriminals frequently use extortion schemes to target the most susceptible sectors, enterprises, and areas, creating enormous psychological pressure to force victims to pay. Manufacturing was the most extorted and assaulted industry in 2022 and the most attacked industry for the second year in a row. Manufacturing companies are an appealing target for extortion since they have a very low tolerance for downtime.

Thread Hijacking on the Rise

Email thread hijacking activity increased last year, with monthly attempts by threat actors tripling compared to 2021 statistics. Additionally, X-Force discovered that attackers utilized this approach to transmit Emotet, Qakbot, and IcedID, malicious software that frequently results in ransomware attacks over the course of a year.


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center