Cisco Incident Response Report: Commodity Malware Top Threat in Q2

Commodity malware surpassed ransomware as the top threat to global organizations in the second quarter of 2022, according to research from the Cisco Talos Incident Response (CTIR) team.

This marks the first time in more than a year that ransomware was not the top threat in a quarter.

Other notable findings from CTIR's research included:

  • Commodity malware comprised 20% of all threats observed during the quarter.
  • New clusters of activity involving Remcos remote access trojan (RAT), Vidar infostealer, Redline Stealer, Qakbot (Qbot) and other malware were identified; these malware strains delivered a variety of payloads.
  • Ransomware comprised 15% of all threats observed, compared to 25% in the first quarter of 2022.
  • The United States was the top targeted region, followed by Europe and Asia.

Cybercriminals Use Ransomware-as-a-Service, New Version of LockBit

CTIR's research highlighted several cybercriminal trends, including:

  • Cybercriminals used ransomware-as-a-service (RaaS) groups like Conti and BlackCat to attack organizations and seek large payouts.
  • They most commonly targeted the telecommunications industry, followed by the education and healthcare sectors.
  • They used a new version of LockBit ransomware that includes new cryptocurrency payment options for victims, additional extortion tactics and a new bug bounty program.

The research also revealed cybercriminals utilized various MITRE ATT&CK techniques in cyberattacks, such as:

  • Brute force to access end-user accounts.
  • Email-based threats and social engineering techniques to entice users to click on a malicious link or file.
  • Identification and exploitation of misconfigured or unpatched and vulnerable public-facing applications.
  • Techniques associated with credential harvesting tools and utilities, such as Mimikatz and Impacket, to obtain users' account and password information.

MFA Can Help Global Organizations Address Security Weaknesses

Ultimately, a lack of multi-factor authentication (MFA) is "one of the biggest impediments" for global organizations, CTIR pointed out. To address this issue, CTIR recommends organizations establish MFA security policies and guidelines and ensure that all third parties follow them.

MSSPs can help their customers implement MFA security policies and guidelines as well. They can also provide services that help customers strengthen their overall security posture.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.