A recap of Q2 from Cisco Talos’ incident response services provides insight into exactly what kinds of attacks are being seen in the field, and what kinds of attacks you need to be protecting against.
While I love covering industry reports here, I also love to see practical experiences from the field summarized into trends. And that’s exactly what we find with Cisco Talos Incident Response’s Incident Response trends Q2 2023 recap. In it, we get a summary of the kinds of incidents they responded to over the last quarter, and see how those attacks are trending.
According to the recap:
- Data theft extortion accounted for 30% of all threats they responded to, with ransomware in second place at 17%
- Healthcare was the most-targeted vertical, accounting for 22% of all incidents
- The most active extortion groups were Clop, Karakurt and RansomHouse
Also worth noting is that Cisco Talos found that compromised credentials or valid accounts were the top observed means of gaining initial access, accounting for nearly 40 percent of all incidents. As a general rule, this points us back to a primary means of gaining access to credentials: credential harvesting phishing attacks. These kinds of attacks are effectively the key to the success of the attacks in which Cisco Talos is seeing increases. So it becomes critical that organizations take steps, including enrolling users in security awareness training, to ensure users don’t fall for credential harvesting scams designed to provide initial access to these far more costly cyber attacks.