The Arctic Wolf Threat Report highlights how malicious actors are adjusting methods to circumvent security defenses. Key shifts include improving business email compromise (BEC), exploiting known vulnerabilities to penetrate organizations globally, and prioritizing data theft. Furthermore, three forms of cybersecurity events account for 95% of incident response (IR) cases: intrusions (24%), BEC (27%), ransomware (44%). 

Malicious actors exploited only 10 specific vulnerabilities in 76% of intrusion cases. Most were associated with externally facing services and remote access tools, and none were zero-days, reinforcing the importance of patch management. 

BEC is growing as a preferred tactic, especially in the finance and insurance sector, where it represented 53% of IR cases. This is the only industry where ransomware is outpaced by BEC. 

While organizations have improved ransomware recoverability, malicious actors are increasing leverage via data exfiltration. According to the report, 96% of ransomware incidents analyzed involved data theft. The median ransomware demand is $600,000.