Cisco Talos, one of the world’s largest private threat intelligence teams released its latest quarterly report that examines incident response trends and global cyber threats.
Key findings:
- For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter.
- The education sector was the most targeted by attackers this quarter, closely followed by the financial services, government, and energy sectors, respectively. For the first time since Quarter 4 2021, the telecommunications sector was not the top-targeted vertical. While the reason for the education sector being more frequently targeted this quarter is unknown, this is a popular time of year for adversaries to target education institutions as students and teachers have returned to school.
- Q3 was also characterised by previously seen high-profile ransomware variants such as Hive and Vice Society and a new ransomware family (Black Basta) that first emerged in April 2022 and had yet to be observed in incident response engagements.
- Cisco Talos also continued to observe threats that have been consistently present in previous quarters, including phishing and Business Email Compromise (BEC), attempts to exploit weaknesses or vulnerabilities in public-facing applications, and insider threats.
- Within enterprises, the lack of Multi-Factor Authentication (MFA) remains one of the biggest obstacles to corporate security, according to the report. Nearly 18% of engagements either had no MFA or only had it enabled on a handful of accounts and critical services, allowing the cybercriminal to log in and authenticate.
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said: “Today, more than ever, in an increasingly connected and digital age, cybersecurity is of the utmost importance. As enterprises and governments across the region seek to safeguard their data and businesses, Cisco continues to support our customers, helping drive rapid detection and protection against cyber risks”.
He added: ‘Security is a game of data. The more insights we have into the threat landscape, the better our telemetry is, the higher the likelihood of being able to prevent security incidents. When a breach occurs, our capabilities can detect, respond and remediate threats as fast as possible”.
More information is available on Cisco Talos’ Quarterly Report: Incident Response Trends in Q3 2022 blog.