F5 Labs is elated to announce that we’ve published the 2022 Application Protection Report, our annual attempt to document the ongoing evolution of the threat landscape and provide mitigation guidance for security practitioners.
As always, the report is long and detailed, and pulls from multiple different sources to try to get as close as possible to the messy truths of information security. It includes an analysis of about 1,000 publicly disclosed breaches from 2021 using three different data models, a snapshot of cloud risk from several different angles, and the (slightly modified) MITRE ATT&CK analysis and visualizations that we first used in the 2021 Application Protection Report.
If you’ve got the time and the inclination, we think the full report is worth reading, but if you just want the conclusions, here’s a precis:
Malware grew in prevalence, playing a role in more than 30% of known U.S. data breaches in 2021.
While ransomware attacks continued to increase, many malware breaches exfiltrated data without encrypting it or demanding a ransom, demonstrating the enduring demand for stolen data for use in later fraud.
Exfiltration was the ATT&CK tactic that grew the most, featuring in nearly 80% of application attacks in 2021.
Web exploits declined in prevalence, but became more focused on formjacking attacks (such as Magecart) against retail targets.
Access attacks, such as phishing and credential stuffing, remained the single most common breach cause, and 24% of 2021 breaches were characterized by business email compromise.
According to our analysis, the single most important mitigation is data backup, reflecting the threat of ransomware. However, since modern ransomware strategies often compromise backups, a more holistic approach, including environment-wide hardening, is necessary.
We hope it helps security practitioners stay one step ahead of attackers. Feedback is welcome at firstname.lastname@example.org.