Data theft extortion was the biggest threat observed in Q2 this year, according to a report released by the Cisco Talos Intelligence Group.
The research showed that extortion comprised 30% of attacks, followed by ransomware (17% of engagements). The biggest, and a growing, threat that Talos Incident Response (IR) responded to in Q2 was data theft extortion incidents that did not encrypt files or deploy ransomware.
Cisco found that a lack of multi-factor authentication (MFA) remains one of the biggest impediments to enterprise security. The report showed that 30% of engagements lacked MFA or only had it enabled on select accounts and services.
Healthcare comprised 22% of engagements and continues to be the most targeted business vertical of 2023, closely followed by financial services at 17% of engagements.
The company added that carrying out ransomware attacks is likely becoming more challenging for hackers due to global law enforcement and industry disruption efforts, though it still saw a rise to 17% of engagements.
In a reversal of Q1 trends, engagements involving web shells – malicious scripts that enable threat actors to compromise web-based servers exposed to the internet – declined.
Commenting on the report’s findings, Fady Younes, cyber security director, EMEA service providers and MEA at Cisco, said: “People are often the prime target for any cyber attack, they are the gateway to the central infrastructure of a company or organisation. Fortunately, the vast majority of cyber threats can be overcome with awareness, common sense and a critical approach to security when moving in cyberspace. We can also stay ahead of the game by leveraging advanced technologies to analyse vast amounts of data in real-time and identify potential threats before they can cause any damage.”
Top threats observed in Q2 2023
- Data theft: Data theft extortion was the top observed threat, accounting for 30% of Cisco Talos Incident Response (Talos IR) engagements this quarter, overtaking web-shells and still ranking above ransomware. The rise in data theft extortion incidents compared to previous quarters is consistent with public reporting on a growing number of ransomware groups stealing data and extorting victims without encrypting files and deploying ransomware.
- Ransomware: Ransomware is the second most observed threat for Q2. The Clop ransomware group exploited a major vulnerability in the MOVEit file transfer software. This has led to many follow-on instances of data theft, with more than 200 companies affected as of early July.
- Exploiting public-facing applications: Exploitation of public-facing applications has seen a significant decrease – down to 22% (from 45% last quarter) of engagements.