- For the first time since these reports were compiled, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of the threats this quarter.
- The education sector was the most targeted by attackers this quarter, followed by the financial services sector, government, and energy, respectively. For the first time since the fourth quarter of 2021, the telecom sector was not the top target vertical. While it is not known why the education sector was so frequently targeted this quarter, this is a common time of year for adversaries to target educational institutions as students and teachers are back in school.
- Q3 also featured previously seen high-level ransomware variants such as Hive and Vice Society and a new family of ransomware (Black Basta) that debuted in April 2022 and has yet to be seen in incident response operations.
- Cisco Talos also continued to monitor threats that had been consistently present in previous quarters, including phishing and business email compromise (BEC), attempts to exploit vulnerabilities in public applications, and insider threats.
- Within companies, the lack of multi-factor authentication (MFA) remains one of the biggest hurdles to corporate security, according to the report. Approximately 18% of the engagements either did not have MFA or had it enabled only on a few critical accounts and services, allowing cybercriminals to log in and authenticate.
Commenting on the findings of the report, Fadi Younes, Director of Cyber Security, Service Providers EMEA, Cisco, said: “Today, more than ever, in an increasingly connected and digital age, cyber security is of paramount importance. As businesses and governments across the region seek to protect their data and businesses, Cisco continues to support our customers, helping to drive rapid detection and protection from cyberthreats.”
He added, “Security is a data game. The more insights we have into the threat landscape, the better our telemetry, the more likely we are to be able to prevent security incidents. When a breach occurs, our capabilities can detect threats, respond to them, and remediate them as quickly as possible.”
More information is available in the Cisco Talos blog post “Quarterly Report: Incident Response Trends in Q3 2022.”