Ransomeware continued to be the top threat and telecommunications was the most affected industry in the first quarter of 2022, according to a new trends report.
Cisco’s Quarterly Trends, which examines the cyber threats trends, reported that ransomware continued to remain the top threat in the first quarter of the year.
The Cisco report has found an increase in engagements involving Advanced Persistent Threat activity, which included Iranian state-sponsored MuddyWater APT activity, China-based Mustang Panda activity leveraging USB drives to deliver the PlugX remote access trojan (RAT), and a suspected Chinese adversary dubbed “Deep Panda” exploiting Log4j, said a release from the company.
Cybercriminals targeted a broad range of verticals, including education, energy, financial services, health care, industrial production and equipment, local government, manufacturing, real estate, telecommunications, and utilities. Telecommunications became the most affected industry, closely followed by organisations in the education and government sectors, the report said.
Fady Younes, Cybersecurity Director, EMEAR Service Provider and MEA, said: “In 2021, the most attacked sector monitored by Talos was healthcare. However, cybercriminals have shifted their focus over the last 12 months. Given that telecom companies operate critical infrastructure and store large amounts of sensitive data, this sector is expected to remain a key target.”
Ransomware continued to comprise the majority of threats Cisco Talos responded to. No one ransomware family was observed twice in incidents in the first quarter of 2022. This is indicative of a trend towards greater democratisation of ransomware adversaries that Talos began observing last year. This quarter also saw the appearance of emerging ransomware families, including Cerber (aka CerberImposter), Entropy and Cuba. Additional high-profile ransomware families included Hive and Conti.
Log4j exploitation was the second most common cyber security threat during the quarter behind ransomware, indicating a growing risk despite a patch being available. Cisco experts observed adversaries capitalising on organisations’ lack of up-to-date patches and improper data protections.
Cisco’s top recommendation for defending digital environments is to use preventive Zero Trust access controls to verify user trust and device trust, as well as to apply access controls for every application. Zero Trust access controls for workforce is an effective approach to prevent adversaries from gaining unwanted and unauthorised access. Talos routinely sees threat activity that could have been prevented if Zero Trust access controls for users and their devices (laptops, mobiles, and tablets) had been enabled.
