The Cisco Talos Incident Response (CTIR) team, backed by the world’s largest commercial threat intelligence organisation, has released its quarterly Threat Assessment Report.
According to CTIR, ransomware accounted for almost half of all incidents, more than triple the share of the next most common threat. Actors targeted a broad range of verticals, including transportation, utilities, healthcare, government, telecoms, technology, machinery, chemical distribution, manufacturing, education, real estate and agriculture.
Commenting on the Cisco Talos Threat Assessment Report, Fady Younes, Cybersecurity Director at Cisco Middle East and Africa, said: “There are many reasons why actors are continuing to target the healthcare industry, including the COVID-19 pandemic, incentivising victims to pay to restore services as quickly as possible.
“On a positive note, there were several pre-ransomware events in which timely detection via Cisco Secure products, along with quick remediation, led to containment of the incident before encryption could occur.”
Ransomware actors used commercial tools such as Cobalt Strike, open-source tools and tools native to the victim’s device.
Other observed threats included the exploitation of known vulnerabilities, cryptocurrency mining and account compromise. Interestingly, there were multiple incidents involving trojanised USB drives, which is an older attack vector not seen in many years.