Cyber Threats 2022: A Year in Retrospect

While COVID-19 is arguably one of the biggest catalysts prompting organisations to rethink their cybersecurity readiness, the cyber threat landscape in 2022 reflected a gaping trust deficit, exacerbated by geopolitical tensions in an increasingly fragmented world. 

PwC's Cyber Threats 2022: A Year in Retrospect report covers a selection of our analysis over the course of 2022. The report leverages proprietary capabilities, access to commercial tools and open source, as well as observations from incident response cases and other cyber engagements worked on by PwC firms across the network, including in Malaysia.

The 2022 report hones in on how malicious threat actors have evolved in their modus operandi, their tools and their thinking, challenging the defences of countries and organisations. From the various case studies and illustrations shared in the report, the message to organisations is clear: no entity is immune to cyber attacks. 

Indeed, Malaysian organisations are not insulated from events taking place in geographically dispersed locations given the interconnected nature of supply chains and sectors. 

Geopolitics reflected in threat actor activities around the world

In 2022, phishing activities by Russia based threat actors targeted an array of countries and organisations around the world. The level of sophistication displayed by these threat actors is disconcerting considering how well they adapted and continued effective operations despite being actively pursued by both commercial and government security organisations.

China-based threat actors showed no signs of slowing down either, increasingly optimising their operations and leveraging shared proxy resources. Organisations within the telecommunications sector were among the most vulnerable.

Throughout 2022, Iran-based threat actors continued to conduct espionage motivated attacks against victims in the Middle East, Europe and North America. In some cases, they doubled down on destructive attacks that included wipers, ransomware and “hack-and-leak” attacks.

Looking ahead

Amidst the mushrooming of ransomware attacks and credential stealing malware, organisations will need to focus their defence on rigorous patching to bolster their security strategies and wear down attackers.

Organisations will need to be prepared for more frequent attacks powered by an increasingly commoditised Access-as-a-Service cyber criminal ecosystem. The detection logic provided in the report can assist defenders in scanning their own systems and networks to find malicious threat actors. 

Public-private partnerships will continue to play a pivotal role in sharing intelligence and combating cybercrime collectively.

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Clarence Chan

Clarence Chan

Partner, Risk Services, PwC Malaysia

Tel: +60 (3) 2173 0344

Alex Cheng

Alex Cheng

Director, Risk Services, PwC Malaysia

Tel: +60 (3) 2173 0647

Tanvinder Singh

Tanvinder Singh

Director, Cyber and Forensics, PwC Malaysia

Tel: +60 (3) 2173 0293