Ransomware and business email compromise (BEC) attacks are hitting businesses more than ever before, a new report by Cisco Talos Incident Response (Talos IR) has claimed.
The report states ransomware and BEC accounted for almost two-thirds (60%) of engagements, combined. There had been fewer BEC engagements this quarter, compared to the previous one, Talos added, noting it was “still a major threat for the second quarter in a row.”
At the same time, Ransomware accounted for almost a third (30%) of engagements this quarter, up by a quarter (22%) compared to the same time three months ago.
Tech firms in the crosshairs
Furthermore, the researchers observed Mallox and Underground Team ransomware families for the first time, suggesting the number of threat actors in the industry continues to grow. At the same time, Black Basta and BlackSuit ransomware operations continue to wreak havoc among organizations.
The majority of organizations falling victim to either ransomware or BEC attacks are in the technology industry, the report further states. This is due to these firms having extensive digital assets, supporting critical infrastructure. As a result, they have minimal tolerance for downtime and would be more keen to pay the ransom demand and get back to work as soon as possible. Furthermore, tech firms are often seen as gateways into other industries, as well.
In total, a quarter (24%) of engagements in these past three months were from tech firms, closely followed by healthcare, pharma, and retail. Attacks against tech firms are up by 30%, quarter-on-quarter.
Talos says that a huge majority (80%) of victims fell prey to ransomware attacks because they didn’t have proper MFA implementations on critical systems, including virtual private networks (VPN). The remainder of the victims fell prey due to either vulnerable, or misconfigured systems, the researchers concluded. Talos IR observed a 46% increase in each of these security weaknesses from the previous quarter.
