IR Trends: Ransomware on the Rise, While Technology Becomes Most Targeted Sector

Summary:
According to Cisco Talos’s new Quarterly Trends report, business email compromise (BEC) and ransomware were the top threats in the second quarter of 2024, accounting for 60 percent of security incidents. Notably, technology was the most targeted vertical in Q2 2024, accounting for 24 percent of engagements, a 30 percent increase compared to Q1. Besides the technology sector, other prominent sectors targeted in Q2 include retail, healthcare, pharmaceuticals, education, and public administration, among others. In terms of initial access vectors, the use of compromised credentials on valid accounts accounted for 60 percent of cyber incidents, followed by the exploitation of public-facing applications. Furthermore, vulnerable or misconfigured systems and a lack of proper MFA implementation were tied for the top observed security weaknesses in Q2, with Cisco Talos observing a 46 percent increase in each of these security weaknesses from the previous quarter.

Security Officer Comments:
While there has been a decrease in BEC attacks from the previous quarter, BEC attacks remain a significant threat to organizations globally. These attacks involve compromising legitimate business email accounts and using them to send phishing emails to employees, aiming to obtain sensitive information such as account credentials, which can then be used for further lateral movement within the organization. Cisco Talos has highlighted that the absence of multi-factor authentication (MFA) is a critical security weakness that continues to be exploited, making it easier for cybercriminals to compromise password-protected email accounts.

Suggested Corrections:
Organizations should prioritize patching known vulnerabilities to reduce the risk of threat actors exploiting these weaknesses. This involves regularly updating software and systems with the latest security patches provided by vendors. Ensuring systems are configured according to industry best practices is also crucial. This includes adhering to security guidelines and frameworks such as the NIST Cybersecurity Framework, which can help establish a strong security posture and minimize potential attack vectors. Furthermore, implementing MFA wherever applicable adds a layer of security beyond just passwords. MFA requires users to provide multiple forms of verification before gaining access to sensitive systems, thereby significantly reducing the chances of unauthorized access. Lastly, training employees on the dangers of phishing is essential, as phishing attacks are one of the most common and effective methods used by cybercriminals. Employees should be educated on how to recognize phishing attempts, including suspicious emails, links, and attachments. Additionally, they should be trained on how to detect such lures and report them promptly to IT personnel.

Link(s):
https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/