Lessons from the biggest email-driven cyberattacks of 2022

2022 has been a rollercoaster ride for those in the cybersecurity industry with major email-based attacks dismantling business operations and jeopardizing reputations. 

Cybercrime is a lucrative and continuously evolving business that impacts companies of all sizes as sophisticated threat actors continue to exploit email vulnerabilities for financial gain. This year alone, email-driven cyber-attacks have skyrocketed. Email is the entry point for most ransomware attacks, which have spiked a nearly 13% increase equal to the last five years combined. With such a drastic increase, companies continue to fall victim to cyber-attackers by failing to implement proper email security. 

Let’s dive into the biggest email-driven cyberattacks of 2022 and the lessons they offer to enterprises. 

Reflecting on three of the biggest email-driven cyberattacks of 2022

  1. In March, Horizon Actuarial disclosed a data breach that affected over 1 million customers of the group’s healthcare and benefit plans. Through a ransomware attack, cybercriminals stole personally identifiable information (PII) including names, dates of birth, Social Security numbers and health plan information, from over 33 organizations. Following its notice, a lawsuit pointed to Horizon Actuarial’s alleged lack of preparedness as well as the significant time it took to inform individuals affected by it. 
  1. In April 2022, Baptist Medical Center experienced a cybersecurity incident that affected approximately 1.2 million patients. An investigation revealed that an unauthorized party had infected the hospital network with malicious code, removing data including Social Security numbers, health insurance information, medical record numbers, dates of service, provider and facility names, addresses, birth dates, reasons for visit, procedure information, account or claim status, and billing and diagnostic codes. A lawsuit alleged that the breach resulted from negligence to implement proper technical safeguards to prevent security incidents. 
  1. In June, Flagstar Bank, one of the largest financial service providers in the United States, reported a data breach that compromised the Social Security numbers of 1.5 million customers. The attack was the second incident in just two years, and it took Flagstar over six months to detect the breach. 

What we can learn from these breaches 

The healthcare and financial services industries continue to be top targets of cyber-criminals and this trend will undoubtedly continue throughout the remainder of the year. Breaches can lead to bad publicity, damaging a company’s reputation and resulting in expensive lawsuits, as is evidenced by the Horizon Actuarial data breach. 

The Flagstar Bank data breach showcases that being a victim of a breach does not prevent subsequent breaches, despite what many companies might think. Almost all companies who fall victim to ransomware attacks attempt to minimize these attacks before having to come clean.  

The last thing to note is that many smaller businesses are just as appealing a target as large enterprises, especially when they don’t have the resources to protect themselves. Investing in email security is crucial for businesses of all sizes, locations, and industries. 

Predictions for the remainder of 2022 

With increasing numbers of ransomware attacks and instability across the world, economic, political and climate uncertainty will manifest as themes in email attacks. The United States 2022 midterm elections will surely be a major opportunity for threat actors, whether it be targeting campaigns, voters, or parties. Data from the FBI shows Business Email Compromise now costs organizations $43 billion per year – by far the costliest and most dangerous cybercrime for businesses. 

As more legitimate domains are protected by DMARC, abuse and impersonation attacks from lookalike domains will continue to increase. As a result, the attack surface is expanding faster than prevention security and the demand for increased digital brand protection will grow. We’ll likely see more discussion about the “attack surface “as part of digital brand protection going forward. 

According to research, cyberattacks have increased 50% year-over-year, with each organization facing approximately 925 cyberattacks per week globally. With such a drastic increase and looming danger, companies that fail to implement proper email security protocols will continue to fall victim to cyber attackers. Although there is no right way to cope with a cyberattack, companies can take action by incorporating the necessary security measures to avoid the threat in the first place.

Strengthen your organization against cyberattacks with the Red Sift platform 

At Red Sift, we enable security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers. Our integrated email security and brand protection platform is made up of a number of gold-standard and award-winning products: OnDMARC, OnDOMAIN, and OnINBOX. These are designed to work in unison to block outbound phishing attacks, analyze the security of inbound emails, and provide domain impersonation defense for company-wide threat protection.

Red Sift find out more


Brian Westnedge

23 Aug. 2022



Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more