Cisco Talos, one of the world’s largest private threat intelligence teams, has released its latest quarterly report, “Incident Response Trends in Q3 2022,” which examines incident response trends and global cyber threats.
Among its key findings, the report notes that, for the first time since Cisco Talos began compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40% of threats this quarter.
Interestingly, the report found that the education sector was the most targeted by attackers this quarter, closely followed by the financial services, government and energy sectors. For the first time since Q4 2021, the telecommunications sector was not the top-targeted vertical. While the reason for the education sector being more frequently targeted this quarter is unknown, this is a popular time of year for adversaries to target education institutions, as students and teachers have returned to school.
Q3 was also characterized by previously seen high-profile ransomware variants such as Hive and Vice Society, along with a new ransomware family, Black Basta, which first emerged in April 2022 and had not previously been observed in incident response engagements.
Cisco Talos also continued to observe threats that have been consistently present in previous quarters, including phishing and Business Email Compromise (BEC), attempts to exploit weaknesses or vulnerabilities in public-facing applications and insider threats.
The lack of Multi-Factor Authentication (MFA) remains one of the biggest obstacles to corporate security within enterprises, notes the report. Nearly 18% of engagements either had no MFA or only had it enabled on a handful of accounts and critical services, allowing the cybercriminal to log in and authenticate.
Commenting on the report’s findings, Fady Younes, cybersecurity director, EMEA Service Providers and MEA, Cisco, noted, “Today, more than ever, in an increasingly connected and digital age, cybersecurity is of the utmost importance. As enterprises and governments across the region seek to safeguard their data and businesses, Cisco continues to support our customers, helping drive rapid detection and protection against cyber risks.”
“Security is a game of data. The more insights we have into the threat landscape, the better our telemetry is, the higher the likelihood of being able to prevent security incidents. When a breach occurs, our capabilities can detect, respond and remediate threats as fast as possible,” he stressed.