IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Business email compromise (BEC) and ransomware were the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024, together accounting for 60 percent of engagements.  

Although BEC engagements decreased from last quarter, BEC was still a major threat for the second quarter in a row. There was a slight increase in ransomware engagements: Talos IR responded to Mallox and Underground Team ransomware for the first time this quarter, as well as to the previously seen Black Basta and BlackSuit ransomware operations.

For the third quarter in a row, the most observed means of gaining initial access was the use of compromised credentials on valid accounts, which accounted for 60 percent of engagements this quarter, a 25 percent increase from the previous quarter.  

Technology was the most targeted vertical this quarter, accounting for 24 percent of engagements, closely followed by healthcare, pharmaceuticals and retail. There was a 30 percent increase in engagements affecting the technology sector from the previous quarter. Organizations in the technology sector may be seen as gateways into other industries and organizations given their significant role in supplying and servicing a wide range of sectors, making them attractive targets for adversaries.  

Technology organizations often have extensive digital assets supporting critical infrastructure, which means they have minimal tolerance for downtime and may, therefore, be more likely to pay extortion demands. 

Talos IR also observed a slight increase in network device targeting this quarter, which accounted for 24 percent of engagements. This activity included password spraying, vulnerability scanning and exploitation.

Surge in BEC continues  

Within BEC attacks, adversaries will compromise legitimate business email accounts and use them to send phishing emails to obtain

