Cisco Talos has listed ransomware as the top security threat between April & June 2021 on its quarterly assessment. The commercial threat intelligence organization backs the Cisco Talos Incident Response (CTIR).
Cisco Talos saw a wide range of threats, with ransomware being the most prevalent threat this quarter. Ransomware accounted for nearly half of all incidents and was more than three times the next most common threat, according to CTIR. Transportation, utilities, health care, government, telecoms, technology, machinery, chemical distribution, manufacturing, education, real estate, and agriculture were among the verticals targeted by actors. However, for the third quarter in a straight, healthcare was targeted the most out of all verticals, with government coming in second.
Commenting on the Cisco Talos Threat Assessment Report, Fady Younes, Cybersecurity Director at Cisco Middle East and Africa, said: “There are many reasons why actors are continuing to target the healthcare industry, including the COVID-19 pandemic, incentivizing victims to pay to restore services as quickly as possible. On a positive note, there were several pre-ransomware events in which timely detection via Cisco Secure products, along with quick remediation led to the containment of the incident before encryption could occur.”
Commercial tools like Cobalt Strike, open-source tools, and tools native to the victim’s device were all exploited by ransomware actors. The exploitation of known vulnerabilities, bitcoin mining, and account compromise were among the other dangers identified. There were several occurrences involving trojanized USB devices, an outdated attack vector that hasn’t been seen in a long time.
One of the most significant hurdles to enterprise security is the lack of multi-factor authentication (MFA). CTIR routinely sees ransomware situations that may have been avoided if MFA on vital services had been enabled. Wherever practical, CTIR encourages organizations to use MFA.
