Cisco Talos’s latest quarterly report shows that during April, May and June 2022, commodity malware outpaced ransomware for the first time in more than a year, comprising 20% of the threats observed, followed by ransomware, phishing, business email compromise (BEC) and advanced persistent threats.
This quarter mainly saw an increase in commodity malware, which is widely available for purchase or download. This type of malware is typically not customised and is used by a variety of actors in various stages of their operations and/or to deliver additional threats.
Cisco Talos also observed ongoing Qakbot activity, which leverages thread hijacking, allowing threat actors to use compromised email accounts to insert malicious replies into the middle of existing email conversations.
Compared to previous years, ransomware made up a smaller portion of the threats observed, comprising 15% of all threats, compared with 25% last quarter. The drop is attributed to various factors, including the closure of several ransomware groups, whether of their own volition or through the actions of global law enforcement agencies and governments.
The top-targeted industry continues to be telecommunications, following a trend where it was among the top targeted sectors in Q4 2021 and Q1 2022, closely followed by organisations in the education and healthcare sectors.
Other targeted verticals include financial services, local government, food services, retail, automotive, information technology, production and manufacturing. Meanwhile, the US continues to be the top targeted country, followed by Europe, Asia, North America and the Middle East.
Fady Younes, cybersecurity director, EMEA service providers and MEA, says: “Organisations across countries of the Middle East and Africa hold a huge amount of sensitive data that is prone to cyber threats and needs to be secured. With cyberattacks becoming more sophisticated, the demand for comprehensive cybersecurity solutions is increasing.
“Cisco is uniquely positioned to support governments and businesses of all sizes and across industries in our region, addressing the cyber security challenges they are facing, and helping them increase their security resilience.”
To protect against these threats, Cisco recommends that organisations implement multi-factor authentication (MFA) on all critical services. Endpoint detection and response solutions are also key to detecting malicious activity across machines and networks.