Cisco Talos weighs in on the cyberthreats you need to worry about. And how to prevent them

Aug 3, 2022 — Cisco Talos is among the most comprehensive threat intelligence teams in the world, combining cutting-edge technologies with unmatched talent and expertise. And with the most extensive telemetry and partner network in the industry, it captures unique insights into the threats that could impact your organization.

So, what trends has Talos been seeing so far in 2022?

According to the Cisco Talos Incident Response (CTIR) Q2 report, ransomware was unseated from the top perch for the first time in more than a year. The new contender? Commodity malware — that is, untargeted threats directed at a wide swath of users, often via free downloads from emails.

A key reason for commodity malware’s success is bad security practices — on both organizational and individual levels.

“You’d be correct in saying the commodity malware was the top threat this quarter,” said Talos’s Bruce E. Hennigar II. “Even though we’re two quarters into 2022 and what, 20 years into cybersecurity, people are still clicking on that phishing email.”

Commodity malware comprised 20 percent of all engagements CTIR investigated in Q2. Prominent commodity malware offenders included the Remcos RAT, Vidar information stealer, Redline Stealer, and the Qakbot banking trojan.

Meanwhile, ransomware dropped from 25 percent of CTIR engagements in Q1 to 15 percent in Q2. One reason for this fall from “grace” was the Ukraine war. According to Hennigar, the Russian government co-opted many ransomware gangs to support the attack on Ukraine.

Of course, ransomware remains a serious threat. High-profile ransomware-as-a-service (RaaS) groups in Q2 included Conti and BlackCat, both of which sought big payouts from large organizations. The Conti group has apparently disbanded, though a new variant called Black Basta may be assuming its mantle. At the same time, LockBit ransomware has honed its extortion tactics in a new version, which also offers cryptocurrency as a payment option for victims.

As for top sectors targeted, the telecommunications industry led the pack once again within our engagements, followed by education and health care. And the United States is the top nation targeted.
