Commodity malware surpassed ransomware as the top threat to global organizations in the second quarter of 2022, according to research from the Cisco Talos Incident Response (CTIR) team.

This marks the first time in more than a year that ransomware was not the top threat in a quarter.

Other notable findings from CTIR's research included:
- Commodity malware comprised 20% of all threats observed during the quarter.
- New clusters of activity involving Remcos remote access trojan (RAT), Vidar infostealer, Redline Stealer, Qakbot (Qbot) and other malware were identified; these malware strains delivered a variety of payloads.
- Ransomware comprised 15% of all threats observed, compared to 25% in the first quarter of 2022.
- The United States was the top targeted region, followed by Europe and Asia.

Cybercriminals Use Ransomware-as-a-Service, New Version of LockBit

CTIR's research highlighted several cybercriminal trends, including:
- Cybercriminals used ransomware-as-a-service (RaaS) groups like Conti and BlackCat to attack organizations and seek large payouts.
- They most commonly targeted the telecommunications industry, followed by the education and healthcare sectors.
- They used a new version of LockBit ransomware that includes new cryptocurrency payment options for victims, additional extortion tactics and a new bug bounty program.

The research also revealed cybercriminals utilized various MITRE ATT&CK techniques in cyberattacks, such as:
- Brute force to access end-user accounts.
- Email-based threats and social engineering techniques to entice users to click on a malicious link or file.
- Identification and exploitation of misconfigured or unpatched and vulnerable public-facing applications.
- Techniques associated with credential harvesting tools and utilities, such as Mimikatz and Impacket, to obtain users' account and password information.




