Cisco Talos, one of the world’s largest private threat intelligence teams, has released its most recent quarterly report on incident response trends and global cyber threats.
According to the report, commodity malware outpaced ransomware for the first time in more than a year during April, May, and June 2022, accounting for 20% of all threats observed, followed by ransomware, phishing, business email compromise (BEC), and advanced persistent threats.
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA said: “Organizations across countries of the Middle East and Africa hold a huge amount of sensitive data that is prone to cyber threats and needs to be secured. With cyberattacks becoming more sophisticated, the demand for comprehensive cybersecurity solutions is increasing.” He added: “Cisco is uniquely positioned to support governments and businesses of all sizes and across industries in our region, addressing the cyber security challenges they are facing, and helping them increase their security resilience.”
This quarter saw a rise in commodity malware threats, which are widely available for purchase or download. This type of malware is typically not customized and is used by a variety of actors to deliver additional threats at different stages of their operations and/or to deliver additional threats. Cisco Talos also observed ongoing Qakbot activity, which uses thread hijacking to allow threat actors to insert malicious replies into existing email conversations using compromised email accounts.
Ransomware made up a smaller portion of all threats this quarter, accounting for 15% of all threats compared to 25% the previous quarter. The drop is attributed to a variety of factors, including the closure of several ransomware groups, whether by choice or as a result of global law enforcement agencies and governments.
Telecommunications remains the most targeted industry, continuing a trend that saw it among the top targeted sectors in Q4 2021 and Q1 2022, closely followed by organizations in the education and healthcare sectors.
Financial services, local government, food services, retail, automotive, information technology, production, and manufacturing are among the other verticals targeted. Meanwhile, the US remains the most targeted country, followed by Europe, Asia, North America, and the Middle East.
To protect against these threats, Cisco strongly advises organizations to implement multi-factor authentication (MFA) on all critical services, such as Cisco Duo. Endpoint detection and response solutions, such as Cisco Secure Endpoint, are also critical for detecting malicious activity on machines and networks. Cisco Secure Firewall can help protect users from commodity trojans and malware like Qakbot, while Cisco Secure Email and Secure Malware Analytics can help protect users from targeted phishing emails and business email compromise, both of which adversaries used frequently this quarter.
