Lessons from the biggest email-driven cyberattacks of 2022

2022 has been a rollercoaster ride for those in the cybersecurity industry with major email-based attacks dismantling business operations and jeopardizing reputations. 

Cybercrime is a lucrative and continuously evolving business that impacts companies of all sizes as sophisticated threat actors continue to exploit email vulnerabilities for financial gain. This year alone, email-driven cyber-attacks have skyrocketed. Email is the entry point for most ransomware attacks, which have spiked a nearly 13% increase equal to the last five years combined. With such a drastic increase, companies continue to fall victim to cyber-attackers by failing to implement proper email security. 

Let’s dive into the biggest email-driven cyberattacks of 2022 and the lessons they offer to enterprises. 

Reflecting on three of the biggest email-driven cyberattacks of 2022

  1. In March, Horizon Actuarial disclosed a data breach that affected over 1 million customers of the group’s healthcare and benefit plans. Through a ransomware attack, cybercriminals stole personally identifiable information (PII) including names, dates of birth, Social Security numbers and health plan information, from over 33 organizations. Following its notice, a lawsuit pointed to Horizon Actuarial’s alleged lack of preparedness as well as the significant time it took to inform individuals affected by it. 
  1. In April 2022, Baptist Medical Center experienced a cybersecurity incident that affected approximately 1.2 million patients. An investigation revealed that an unauthorized party had infected the hospital network with malicious code, removing data including Social Security numbers, health insurance information, medical record numbers, dates of service, provider and facility names, addresses, birth dates, reasons for visit, procedure information, account or claim status, and billing and diagnostic codes. A lawsuit alleged that the breach resulted from negligence to implement proper technical safeguards to prevent security incidents. 
  1. In June, Flagstar Bank, one of the largest financial service providers in the United States, reported a data breach that compromised the Social Security numbers of 1.5 million customers. The attack was the second incident in just two years, and it took Flagstar over six months to detect the breach. 

What we can learn from these breaches 

The healthcare and financial services industries continue to be top targets of cyber-criminals and this trend will undoubtedly continue throughout the remainder of the year. Breaches can lead to bad publicity, damaging a company’s reputation and resulting in expensive lawsuits, as is evidenced by the Horizon Actuarial data breach. 

The Flagstar Bank data breach showcases that being a victim of a breach does not prevent subsequent breaches, despite what many companies might think. Almost all companies who fall victim to ransomware attacks attempt to minimize these attacks before having to come clean.  

The last thing to note is that many smaller businesses are just as appealing a target as large enterprises, especially when they don’t have the resources to protect themselves. Investing in email security is crucial for businesses of all sizes, locations, and industries. 

Predictions for the remainder of 2022 

With increasing numbers of ransomware attacks and instability across the world, economic, political and climate uncertainty will manifest as themes in email attacks. The United States 2022 midterm elections will surely be a major opportunity for threat actors, whether it be targeting campaigns, voters, or parties. Data from the FBI shows Business Email Compromise now costs organizations $43 billion per year – by far the costliest and most dangerous cybercrime for businesses. 

As more legitimate domains are protected by DMARC, abuse and impersonation attacks from lookalike domains will continue to increase. As a result, the attack surface is expanding faster than prevention security and the demand for increased digital brand protection will grow. We’ll likely see more discussion about the “attack surface “as part of digital brand protection going forward. 

According to research, cyberattacks have increased 50% year-over-year, with each organization facing approximately 925 cyberattacks per week globally. With such a drastic increase and looming danger, companies that fail to implement proper email security protocols will continue to fall victim to cyber attackers. Although there is no right way to cope with a cyberattack, companies can take action by incorporating the necessary security measures to avoid the threat in the first place.

Strengthen your organization against cyberattacks with the Red Sift platform 

At Red Sift, we enable security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers. Our portfolio includes a number of gold-standard email and domain protection products: OnDMARC and Brand Trust. These are designed to work in unison to block outbound phishing attacks and provide domain impersonation defense for company-wide threat protection.

Red Sift find out more

PUBLISHED BY

Brian Westnedge

23 Aug. 2022

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Certificates

TLS certificates are changing: What you need to know

Red Sift

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more
DKIM

The hidden threat: How misconfigured DKIM enables replay attacks

Red Sift

Email authentication isn’t just an IT concern. It protects your brand and customers. A single misstep can let attackers spoof your domain, send phishing emails, and destroy customer trust. One of the most dangerous methods? The DKIM replay attack. In this post, we’ll break down how undersigned DKIM keys and related misconfigurations open your…

Read more
BIMI

Why DMARC and BIMI are a business priority

Jack Lilley

Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.…

Read more
ASM

Zoom stops zooming: Why active monitoring is essential

Billy McDiarmid

​On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…

Read more