After falling slightly on the list of the top cybersecurity threats for 2023, ransomware rose back to the top, a report from cybersecurity researchers Cisco Talos claims.
The company’s findings show that ransomware increased significantly in the fourth quarter of 2023, with the education sector now one of the biggest targets.
According to the Quarterly Trends report, ransomware and pre-ransomware activity was the most commonly observed threat for the fourth quarter of 2023, accounting for more than a quarter (28%) of all Cisco Talos Incident Response engagements. This activity increased by 17% compared to the third quarter of the year. The researchers said multiple ransomware operators were active last quarter, and specifically mentioned Play, Cactus, BlackSuit and NoEscape. ALPHV (BlackCat), by contrast, was “not observed” by Talos IR this quarter.
Missing MFA
While manufacturing has historically been one of the most targeted industries, this quarter it tied with education, as the two accounted for nearly 50% of total incident response engagements, the report said.
Typically, the threat actors gained initial access either by using compromised credentials on valid accounts or by exploiting a flaw in a public-facing application. Both methods accounted for 28% of engagements. Remote access software such as ScreenConnect, SplashTop and AnyDesk was used in almost a quarter of engagements this quarter.
However, there is a relatively simple way to reduce the chance of being hit by ransomware, the researchers indicate. The lack of multi-factor authentication (MFA) was the biggest security weakness, accounting for more than a third (36%) of all engagements, and “a continuation of a trend we observed in 2023.” In other words, companies should ensure they activate MFA on employee accounts wherever and whenever possible.