A new report by Cisco Talos Incident Response (Talos IR) reveals that ransomware and business email compromise (BEC) attacks are hitting businesses harder than ever.
According to the report, ransomware and BEC attacks accounted for nearly two-thirds (60%) of all engagements. Although there were fewer BEC incidents this quarter than last, they remain a significant threat for the second consecutive quarter.
At the same time, ransomware attacks made up almost a third (30%) of engagements this quarter, showing a notable increase of 22% compared to three months ago.
Tech firms targeted
The report also highlighted the emergence of new ransomware families, such as Mallox and Underground Team, indicating a growing number of threat actors in the industry. Additionally, well-known ransomware groups like Black Basta and BlackSuit continue to cause significant disruptions for organisations.
Technology firms are particularly vulnerable to these attacks due to their extensive digital assets and critical infrastructure. These companies cannot afford prolonged downtime and are often more willing to pay ransom demands to resume operations quickly. Moreover, tech firms are frequently viewed as entry points to other industries.
In the past three months, 24% of all engagements involved tech firms, closely followed by the healthcare, pharmaceutical, and retail sectors. Attacks on tech firms have risen by 30% quarter-on-quarter.
Vulnerabilities and security weaknesses
The Talos report states that a significant majority (80%) of ransomware victims were compromised because of inadequate multi-factor authentication (MFA) implementations on critical systems, including virtual private networks (VPNs). The remaining victims suffered from either vulnerable or misconfigured systems. Talos IR observed a 46% increase in these security weaknesses from the previous quarter.
Conclusion
The growing sophistication and frequency of ransomware and BEC attacks underscore the need for businesses to bolster their cybersecurity measures. Proper implementation of MFA and regular system updates are crucial in protecting against these pervasive threats.