The second quarter findings of Cisco Talos Intelligence Group, a commercial threat intelligence team, have been released, shedding light on prevalent attacks, targeted sectors, and notable trends. The report underscores the persistence of enterprise security vulnerabilities due to the absence of multi-factor authentication (MFA).
Though global law enforcement and industry disruptions are making ransomware attacks more challenging for hackers, they have still risen to constitute 17 percent of engagements. The most prominent concern addressed by Talos Incident Response (IR) in Q2, however, was incidents of data theft extortion that deliberately abstained from encrypting files or initiating ransomware attacks.
Continuing a trend from the first quarter, the healthcare sector remains the primary focus, accounting for nearly 25 percent of all incident response engagements, closely followed by the financial services sector. In a reversal of Q1 patterns, engagement with web shells – malevolent scripts enabling threat actors to compromise internet-exposed web servers – has diminished.
Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA at Cisco, commented on the findings, stating: “Individuals are frequently the primary target of cyberattacks, serving as the gateway to a company’s or organization’s central infrastructure. Thankfully, the majority of cyber threats can be thwarted through awareness, common sense, and a vigilant approach to cybersecurity while navigating the digital realm. We can also gain an upper hand by employing advanced technologies to swiftly analyze extensive data and identify potential threats before they can inflict harm.”
1. Data Theft: Data theft extortion emerged as the most prominent threat during this quarter, constituting 30 percent of Cisco Talos Incident Response (Talos IR) engagements. This surpassed web shells and continued to rank higher than ransomware. The increase in data theft extortion incidents aligns with public reports of rising instances where ransomware groups steal data and extort victims without resorting to encryption or ransomware deployment.
2. Ransomware: The second most prevalent threat in Q2 was ransomware. The Clop ransomware group exploited a significant vulnerability in MOVEit file transfer software, leading to subsequent instances of data theft affecting over 200 companies by early July.
3. Exploiting Public-Facing Applications: The exploitation of public-facing applications experienced a substantial decrease, accounting for 22 percent of engagements, down from 45 percent in the previous quarter.