Market ResearchNews

Healthcare Continues to be the Primary Focus of Hackers in the Second Quarter of 2023

Cisco Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world, released its report for the second quarter of 2023, highlighting the most common attacks, targets, and other significant trends. The findings show how a lack of multi-factor authentication (MFA) remains one of the biggest impediments to enterprise security.

Carrying out ransomware attacks is likely becoming more challenging for hackers due to global law enforcement and industry disruption efforts, though it still saw a rise to 17 per cent of engagements. The biggest – and a growing – threat responded to by Talos Incident Response (IR) in Q2, however, was data theft extortion incidents that did not encrypt files or deploy ransomware.

The findings also show that continuing a trend from the first quarter, healthcare remains the most-targeted vertical, accounting for almost a quarter of all incident response engagements, closely followed by financial services. In a reverse of Q1 trends, web-shells engagement – malicious scripts that enable threat actors to compromise web-based servers exposed to the internet – declined.

Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said, “People are often the prime target for any cyber-attack, they are the gateway to the central infrastructure of a company or organization. Fortunately, the vast majority of cyber threats can be overcome with awareness, common sense and a critical approach to security when moving in cyberspace. We can also stay ahead of the game by leveraging advanced technologies to analyze vast amounts of data in real-time and identify potential threats before they can cause any damage.”

Top Threats Observed in Q2 2023

Data theft: Data theft extortion was the top observed threat this quarter, accounting for 30 per cent of Cisco Talos Incident Response (Talos IR) engagements this quarter, overtaking web shells and still ranking above ransomware. The rise in data theft extortion incidents compared to previous quarters is consistent with public reporting on a growing number of ransomware groups stealing data and extorting victims without encrypting files and deploying ransomware.

Ransomware: Ransomware is the second most observed threat for Q2. The Clop ransomware group exploited a major vulnerability in the MOVEit file transfer software. This has led to many follow-on instances of data theft, with more than 200 companies affected as of early July.

Exploiting public-facing applications: Exploitation of public-facing applications has seen a significant decrease – down to 22 per cent (from 45 per cent last quarter) of engagements.

Additional Observations

  • The report showed that 30 per cent of engagements lacked multi-factor authentication or only had it enabled on select accounts and services.
  • Observed in over 50 per cent of engagements this quarter, PowerShell is a dynamic command line utility that continues to be a popular utility of choice for adversaries.
Show More

Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button