Cisco Talos Intelligence Group, among the world’s leading commercial threat intelligence teams, has unveiled its Q2 2023 report, spotlighting prevalent attacks, targets, and notable trends. The report underscores the persistent challenge of insufficient multi-factor authentication (MFA) as a major obstacle to enterprise security.
While hackers face increased obstacles in executing ransomware attacks due to global law enforcement and industry interventions, such attacks still rose to 17 percent of all engagements. Notably, the most significant and escalating threat encountered by Talos Incident Response (IR) in Q2 involved data theft extortion incidents, distinct for not encrypting files or employing ransomware.
In line with Q1, healthcare remains the top target, comprising nearly 25% of all incident response cases, followed closely by financial services. In a reversal of Q1 patterns, web-shell engagements—malicious scripts enabling threat actors to compromise internet-exposed web servers—saw a decline.
Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA at Cisco, emphasized the centrality of individuals as prime targets for cyberattacks and the critical role of awareness, common sense, and a vigilant security approach. Leveraging advanced real-time data analysis technologies enables proactive threat identification to avert potential damage.
Key Threats in Q2 2023:
1. Data Theft: Data theft extortion, accounting for 30 percent of Talos IR engagements, surpassed web shells and ransomware, aligning with reports of ransomware groups increasingly stealing and extorting data without encryption.
2. Ransomware: Ransomware ranked as the second most observed threat for Q2, with the Clop ransomware group exploiting a major vulnerability in MOVEit file transfer software, resulting in numerous data theft incidents affecting over 200 companies by early July.
3. Exploiting Public-Facing Applications: The exploitation of public-facing applications witnessed a significant drop, decreasing to 22 percent from the previous quarter’s 45 percent engagement rate.
– The report highlighted that 30 percent of engagements lacked MFA or had it enabled only on select accounts and services.
– PowerShell, a dynamic command-line utility, featured in over 50 percent of engagements during the quarter, remaining a favored tool among adversaries.
By Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA at Cisco