One of the world’s top private threat intelligence teams, Cisco Talos, has released its latest quarterly report examining incident response trends and global cyberthreats.
“Today, more than ever – in an increasingly connected and digital age – cybersecurity is of the utmost importance,” says Fady Younes, cybersecurity director, EMEA service providers and MEA, Cisco. “As enterprises and governments across the region seek to safeguard their data and businesses, Cisco continues to support our customers, helping drive rapid detection and protection against cyber risks.
“Security is a game of data,” he adds. “The more insights we have into the threat landscape, the better our telemetry is, the higher the likelihood of being able to prevent security incidents. When a breach occurs, our capabilities can detect, respond and remediate threats as fast as possible.”
Key findings from the report include:
* For the first time since it began compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40% of threats this quarter.
* The education sector was the most targeted by attackers, closely followed by the financial services, government, and energy sectors, respectively. For the first time since Q4 2021, the telecommunications sector was not the top-targeted vertical. While the reason for the education sector being more frequently targeted this quarter is unknown, this is a popular time of year for adversaries to target education institutions as students and teachers have returned to school.
* Q3 was also characterised by previously seen high-profile ransomware variants, such as Hive and Vice Society, and by a new ransomware family, Black Basta, that first emerged in April 2022 and had not previously been observed in incident response engagements.
Cisco Talos also continued to observe threats that have been consistently present in previous quarters, including phishing and Business Email Compromise (BEC), attempts to exploit weaknesses or vulnerabilities in public-facing applications, and insider threats.
Within enterprises, the lack of Multi-Factor Authentication (MFA) remains one of the biggest obstacles to corporate security, according to the report. Nearly 18% of engagements either had no MFA or only had it enabled on a handful of accounts and critical services, allowing the cybercriminal to log in and authenticate.