Cisco Incident Response Report: Commodity Malware Top Threat in Q2
Commodity malware surpassed ransomware as the top threat to global organizations in the second quarter of 2022, according to research from the Cisco Talos Incident Response (CTIR) team.
This marks the first time in more than a year that ransomware was not the top threat in a quarter.
Other notable findings from CTIR’s research included:
- Commodity malware comprised 20% of all threats observed during the quarter.
- New clusters of activity involving Remcos remote access trojan (RAT), Vidar infostealer, Redline Stealer, Qakbot (Qbot) and other malware were identified; these malware strains delivered a variety of payloads.
- Ransomware comprised 15% of all threats observed, compared to 25% in the first quarter of 2022.
- The United States was the top targeted region, followed by Europe and Asia.
Cybercriminals Use Ransomware-as-a-Service, New Version of LockBit
CTIR’s research highlighted several cybercriminal trends, including:
- Cybercriminals used ransomware-as-a-service (RaaS) groups like Conti and BlackCat to attack organizations and seek large payouts.
- They most commonly targeted the telecommunications industry, followed by the education and healthcare sectors.
- They used a new version of LockBit ransomware that includes new cryptocurrency payment options for victims, additional extortion tactics and a new bug bounty program.
The research also mapped the observed attacker activity to MITRE ATT&CK techniques, including:
- Brute force (T1110) against end-user accounts.
- Phishing (T1566) and other social engineering to entice users to open a malicious link or attachment.
- Identification and exploitation of misconfigured, unpatched or otherwise vulnerable public-facing applications (T1190).
- OS credential dumping (T1003) with tools such as Mimikatz and Impacket (for example, secretsdump.py) to harvest account names, passwords and password hashes.
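The brute-force item above is the one a responder can most easily turn into a detection. The following is an added example, not code from Cisco Talos or the CTIR report: it runs a sliding-window count of failed logins per source address over a handful of constructed sshd-style log lines, then checks whether a successful login from the same source followed the burst, which is the pattern worth paging on. The log lines, the threshold, the window size and the sub-technique heuristic (many distinct usernames from one source treated as password spraying) are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines for the example (not real incident data).
# One source hammers several accounts and then gets in as "alice"; a second
# source has a single failure followed much later by a normal key-based login.
SAMPLE_LOG = """\
Apr 12 09:00:01 vpn1 sshd[2201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Apr 12 09:00:03 vpn1 sshd[2202]: Failed password for alice from 203.0.113.7 port 51023 ssh2
Apr 12 09:00:04 vpn1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Apr 12 09:00:06 vpn1 sshd[2204]: Failed password for bob from 203.0.113.7 port 51025 ssh2
Apr 12 09:00:09 vpn1 sshd[2205]: Failed password for alice from 203.0.113.7 port 51026 ssh2
Apr 12 09:00:12 vpn1 sshd[2206]: Accepted password for alice from 203.0.113.7 port 51027 ssh2
Apr 12 09:05:00 vpn1 sshd[2300]: Failed password for carol from 198.51.100.9 port 40001 ssh2
Apr 12 09:30:00 vpn1 sshd[2301]: Accepted publickey for carol from 198.51.100.9 port 40002 ssh2
"""

# Matches both "Failed password for ..." and "Accepted password/publickey for ...",
# including the "invalid user" form sshd emits for unknown account names.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(log_text):
    """Turn raw syslog lines into sorted auth events; non-auth lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            # syslog timestamps carry no year; relative ordering is all we need here
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP that logged >= threshold failures inside
    any window-sized interval. If a successful login from the same source
    follows the burst within the window, the alert names the account."""
    by_ip = defaultdict(list)
    for e in parse_events(log_text):
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e["ok"]]
        for i, start in enumerate(fails):
            # all failures from this source that fall within `window` of `start`
            burst = [e for e in fails[i:] if e["ts"] - start["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail = burst[-1]["ts"]
            success = next(
                (e for e in evs if e["ok"] and last_fail <= e["ts"] <= last_fail + window),
                None,
            )
            users = sorted({e["user"] for e in burst})
            # Heuristic (assumption): a burst spread over many accounts looks like
            # password spraying (T1110.003); a burst on few accounts like guessing (T1110.001).
            technique = "T1110.003" if len(users) >= 3 else "T1110.001"
            alerts.append({
                "ip": ip,
                "failures": len(burst),
                "users": users,
                "compromised": success["user"] if success else None,
                "technique": technique,
            })
            break  # one alert per source is enough; do not re-report overlapping windows
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the constructed input this reports a single alert for 203.0.113.7 with five failures across three accounts and a subsequent successful login as alice, and nothing for 198.51.100.9. The same structure applies to Windows by swapping the parser for event IDs 4625 and 4624 keyed on the source address; in either case the threshold and window need tuning against a baseline of normal failures, and a "failures then success" hit should be correlated with VPN and MFA logs before it is treated as a confirmed compromise.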
MFA Can Help Global Organizations Address Security Weaknesses
Ultimately, a lack of multi-factor authentication (MFA) is “one of the biggest impediments” for global organizations, CTIR pointed out. To address this issue, CTIR recommends organizations establish MFA security policies and guidelines and ensure that all third parties follow them.
MSSPs can help their customers implement MFA security policies and guidelines as well. They also can provide services to ensure that their customers can optimize their security posture.