Cisco Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world, released its report for the second quarter of 2023, highlighting the most common attacks, targets, and other significant trends. The findings show how a lack of multi-factor authentication (MFA) remains one of the biggest impediments to enterprise security.
Carrying out ransomware attacks is likely becoming more challenging for hackers due to global law enforcement and industry disruption efforts, though it still saw a rise to 17 per cent of engagements. The biggest – and a growing – threat responded to by Talos Incident Response (IR) in Q2, however, was data theft extortion incidents that did not encrypt files or deploy ransomware.
The findings also show that, continuing a trend from the first quarter, healthcare remains the most-targeted vertical, accounting for almost a quarter of all incident response engagements, closely followed by financial services. In a reverse of Q1 trends, web-shells engagement – malicious scripts that enable threat actors to compromise web-based servers exposed to the internet – declined.
Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said: “People are often the prime target for any cyber-attack, they are the gateway to the central infrastructure of a company or organisation. Fortunately, the vast majority of cyber threats can be overcome with awareness, common sense, and a critical approach to security when moving in cyberspace. We can also stay ahead of the game by leveraging advanced technologies to analyse vast amounts of data in real-time and identify potential threats before they can cause any damage.”
Related: North America sees growing investment in healthcare cybersecurity market
Top threats observed in the second quarter of 2023
Data theft: Data theft extortion was the top observed threat this quarter, accounting for 30 per cent of Cisco Talos Incident Response (Talos IR) engagements this quarter, overtaking web-shells and still ranking above ransomware. The rise in data theft extortion incidents compared to previous quarters is consistent with public reporting on a growing number of ransomware groups stealing data and extorting victims without encrypting files and deploying ransomware.
Ransomware: Ransomware is the second most observed threat for Q2. The Clop ransomware group exploited a major vulnerability in the MOVEit file transfer software. This has led to many follow-on instances of data theft, with more than 200 companies affected as of early July.
Exploiting public-facing applications: Exploitation of public-facing applications has seen a significant decrease – down to 22 per cent (from 45 per cent last quarter) of engagements.
Related: Strategies to protect Saudi Arabia healthcare from cyberattacks
Additional observations
- The report showed that 30 per cent of engagements lacked multi-factor authentication or only had it enabled on select accounts and services.
- Observed in over 50 per cent of engagements this quarter, PowerShell is a dynamic command line utility that continues to be a popular utility of choice for adversaries.
For more details on Cisco Talos' Q2 2023 findings, click here.
Access the must-read eBook on AI here to discover perspectives on its transformative role in the healthcare industry.
