The latest Cisco Talos report on security breaches in the second quarter of this year indicates that the technology industry is currently the most vulnerable to hacker attacks. Following closely are the health care, pharmaceutical, and retail sectors. Furthermore, the report confirms that multi-factor authentication is the most effective security measure against attacks such as ransomware, which remains a major security challenge.
Cisco Talos Incident Response (IR) states that vulnerable or improperly configured systems and a lack of proper multi-factor authentication were the most common security flaws in incidents recorded in the second quarter of 2024. These two factors were observed in almost all cases. In 80% of incidents involving ransomware, multi-factor authentication (MFA) was not properly implemented on critical systems such as VPNs. Missing or improperly implemented MFA remains one of the biggest challenges for cybersecurity in 2024, as attackers seek ways to bypass this login protection or look for networks that do not use it at all.
Business Email Compromise (BEC) and ransomware attacks were the most common threats last quarter, accounting for a combined 60% of all Cisco Talos interventions. Despite a decrease in the number of BEC cases compared to the previous quarter, these scams still constituted the main threats for the second consecutive quarter.
BEC attacks use credible email accounts to send phishing messages in order to obtain sensitive data such as login credentials. Cybercriminals can also exploit compromised accounts to send messages with fraudulent financial requests, such as changes to bank account details for payroll or supplier invoices.
In several observed BEC incidents involving phishing as an infection vector, the adversaries utilized “smishing” (SMS phishing) to entice recipients to divulge personal information or click on a malicious link.
The most common method of gaining initial access was the use of stolen account credentials, accounting for 60% of all cases. This is a 25% increase compared to the previous quarter, when this method was also one of the main attack vectors.
Cisco Talos IR noted a slight increase in the number of attacks on network devices, which accounted for 24% of all attacks. These actions included password cracking, scanning for security gaps, and exploits. Experts warn that network devices should be regularly patched and continuously monitored, as they provide a pathway for confidential data entering and exiting the network. In case of a breach, an adversary can immediately infiltrate the organization, redirect or alter network traffic, and monitor network communication.
The most common technique used in attacks, accounting for 41% of all interventions this quarter, was the use of PowerShell. This represents a 33% increase compared to the previous quarter.
It also appears that the international law enforcement operation known as “Operation Endgame” has managed to at least temporarily halt the activities of botnets and loader malware. Cisco Talos emphasizes that it will continue to monitor some of the botnets whose activities were supposed to be disrupted, such as IcedID and Pikabot.
Technology companies were the most targeted in the second quarter of 2024, accounting for 24% of all incidents. This represents a nearly 30% increase compared to the previous quarter.
Organizations in the technology sector are seen as gateways to firms from other sectors as they play a crucial role in delivering and servicing a wide range of services. They often possess extensive digital resources supporting critical infrastructure, which means they cannot afford downtime and thus, from a hacker’s perspective, might be more inclined to meet ransom demands.
Given the huge number of BEC and ransomware attacks, organizations must prioritize the security of their systems. Only through a comprehensive approach to cybersecurity can they effectively protect themselves from increasingly advanced threats.
Source: https://managerplus.pl/branza-technologiczna-najbardziej-narazona-na-ataki-hakerskie-w-ii-kwartale-2024-r-65747