Data theft on the rise amid lack of MFA

By Christopher Tredger, Portals editor
Johannesburg, 12 Sept 2023
Fady Younes, cyber security director, EMEA service providers and MEA, Cisco.

Data theft extortion was the biggest threat observed in Q2 this year, according to a report released by the Cisco Talos Intelligence Group.

The research showed that extortion comprised 30% of attacks, followed by ransomware (17% of engagements). The biggest, and a growing, threat that Talos Incident Response (IR) responded to in Q2 was data theft extortion incidents that did not encrypt files or deploy ransomware.

Cisco found that a lack of multi-factor authentication (MFA) remains one of the biggest impediments to enterprise security. The report showed that 30% of engagements lacked MFA or only had it enabled on select accounts and services.

Healthcare comprised 22% of engagements and continues to be the most targeted business vertical of 2023, closely followed by financial services at 17% of engagements.

The company added that carrying out ransomware attacks is likely becoming more challenging for hackers due to global law enforcement and industry disruption efforts, though it still saw a rise to 17% of engagements.

In a reversal of Q1 trends, engagements involving web shells – malicious scripts that enable threat actors to compromise web-based servers exposed to the internet – declined.

Commenting on the report’s findings, Fady Younes, cyber security director, EMEA service providers and MEA at Cisco, said: “People are often the prime target for any cyber attack, they are the gateway to the central infrastructure of a company or organisation. Fortunately, the vast majority of cyber threats can be overcome with awareness, common sense and a critical approach to security when moving in cyberspace. We can also stay ahead of the game by leveraging advanced technologies to analyse vast amounts of data in real-time and identify potential threats before they can cause any damage.”

Top threats observed in Q2 2023

  • Data theft: Data theft extortion was the top observed threat, accounting for 30% of Cisco Talos Incident Response (Talos IR) engagements this quarter, overtaking web-shells and still ranking above ransomware.

    The rise in data theft extortion incidents compared to previous quarters is consistent with public reporting on a growing number of ransomware groups stealing data and extorting victims without encrypting files and deploying ransomware.
  • Ransomware: Ransomware is the second most observed threat for Q2. The Clop ransomware group exploited a major vulnerability in the MOVEit file transfer software. This has led to many follow-on instances of data theft, with more than 200 companies affected as of early July.
  • Exploiting public-facing applications: Exploitation of public-facing applications has seen a significant decrease – down to 22% (from 45% last quarter) of engagements.