Tech firms top list of most targeted industry in Q2 by cybercriminals
Cisco Talos Intelligence – Nicole Hoffman
Business email compromise (BEC) and ransomware were the top threats observed by Cisco Talos Incident Response (Talos IR) in Q2 2024, together accounting for 60% of engagements.
BEC attacks remained a major threat, while ransomware saw a slight increase with the emergence of new families such as Mallox and Underground Team.
Key findings:
1) Compromised credentials on valid accounts were the most observed means of gaining initial access (60% of engagements).
2) Technology was the most targeted vertical (24%), followed by healthcare, pharmaceuticals, and retail.
3) Network device targeting increased slightly (24%), including password spraying, vulnerability scanning, and exploitation.
4) Vulnerable or misconfigured systems and lack of proper multi-factor authentication (MFA) implementation were the top observed security weaknesses.
5) PowerShell was the top execution technique (41%), while adversaries created new accounts for persistence (18%).
6) Abuse of remote services (RDP, SSH, SMB, WinRM) was observed in 53% of engagements.
7) Rundll32 abuse was a top defense evasion technique (18%).
8) Remote access software usage increased by 40%, with AnyDesk being the most observed.
Notable ransomware trends:
1) Mallox: Compromised and encrypted a single Microsoft SQL server, consistent with public reporting.
2) Underground Team: Leveraged SSH for lateral movement and reactivated disabled Active Directory user accounts.
3) BlackSuit: Gained access through a VPN without MFA, deployed new utilities, and used sandbox evasion techniques.
4) Black Basta: Gained initial access using compromised RDP credentials without MFA and leveraged Rclone for data exfiltration.
Organizations should focus on implementing MFA, educating employees about phishing, monitoring for risky login attempts, and regularly patching and monitoring network devices to mitigate these threats.
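As an added illustration of the "monitoring for risky login attempts" advice (this is example code, not part of the Talos report), the script below walks a stream of Windows Security events and flags the persistence patterns the summary describes: new accounts being created, disabled Active Directory accounts being re-enabled, and RDP logons by such accounts. The sample events, account names and IP addresses are constructed; the event IDs are the standard Windows ones (4720 account created, 4725 account disabled, 4722 account enabled, 4624 logon with LogonType 10 = RDP).

```python
"""Detect new-account persistence and RDP use by created/re-enabled accounts.
Sample events are constructed for this example, not real telemetry."""
import json

# Constructed sample log lines, one JSON object per line.
SAMPLE_EVENTS = """\
{"EventID": 4624, "LogonType": 2, "TargetUserName": "alice", "IpAddress": "10.0.0.5"}
{"EventID": 4720, "TargetUserName": "svc_backup2", "SubjectUserName": "alice"}
{"EventID": 4725, "TargetUserName": "bob", "SubjectUserName": "admin"}
{"EventID": 4722, "TargetUserName": "bob", "SubjectUserName": "alice"}
{"EventID": 4624, "LogonType": 10, "TargetUserName": "bob", "IpAddress": "203.0.113.9"}
{"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup2", "IpAddress": "203.0.113.9"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_risky_activity(events):
    """Return (account, reason) findings in the order they are observed."""
    disabled = set()     # accounts disabled (4725) earlier in the stream
    created = set()      # accounts created (4720) in this window
    reactivated = set()  # accounts enabled (4722) after being disabled
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        user = ev.get("TargetUserName")
        if eid == 4720:
            created.add(user)
            findings.append((user, "account_created"))
        elif eid == 4725:
            disabled.add(user)
        elif eid == 4722 and user in disabled:
            # A previously disabled account coming back to life is the
            # Underground Team behaviour called out in the report.
            reactivated.add(user)
            findings.append((user, "disabled_account_reenabled"))
        elif eid == 4624 and ev.get("LogonType") == 10:
            # RDP logon by a freshly created or re-enabled account.
            if user in created or user in reactivated:
                findings.append((user, "rdp_logon_by_new_or_reenabled_account"))
    return findings


if __name__ == "__main__":
    for account, reason in find_risky_activity(parse_events(SAMPLE_EVENTS)):
        print(f"{reason}: {account}")
```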
Link: https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/