Ransomware and Business Email Compromise (BEC) attacks are hitting businesses more than ever before, according to a new report from Cisco Talos Incident Response (Talos IR).
The report found that ransomware and BEC together accounted for nearly two-thirds (60%) of the involvement. There were fewer BEC involvements this quarter than the previous one, Talos added, noting that it “remained a major threat for the second quarter in a row.”
At the same time, ransomware accounted for nearly a third (30%) of involvement this quarter, up from a quarter (22%) compared to the same period three months ago.
Tech companies in the spotlight
Additionally, researchers observed Mallox and Underground Team ransomware families for the first time, suggesting that the number of threat actors in the industry continues to grow. At the same time, Black Basta and BlackSuit ransomware operations continue to wreak havoc on organizations.
The majority of organizations that fall victim to ransomware or BEC attacks are in the technology sector, the report further states. This is because these companies have extensive digital assets that support critical infrastructure. As a result, they have minimal tolerance for downtime and would be more likely to pay the ransom and get back to work as soon as possible. Furthermore, technology companies are often seen as gateways to other sectors as well.
In total, a quarter (24%) of engagements in the past three months came from tech companies, closely followed by healthcare, pharmaceuticals and retail. Attacks on tech companies are up 30% quarter-on-quarter.
Talos says a large majority (80%) of victims fell victim to ransomware attacks because they lacked proper MFA implementations on critical systems, including virtual private networks (VPNs). The rest of the victims fell prey to vulnerable or misconfigured systems, the researchers found. Talos IR observed a 46% increase in each of these security weaknesses compared to the previous quarter.