Healthcare Remain the Most Targeted Vertical by Hackers in the Second Quarter of 2023
According to Cisco’s Latest Findings:
- Healthcare comprised 22% of engagements (continues to be the most targeted business vertical of 2023), closely followed by financial services (17% of engagements).
- Extortion was the most observed threat this quarter, comprising 30% of attacks, followed by Ransomware (17% of engagements).
Dubai, United Arab Emirates – 28 August 2023: Cisco Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world, released its report for the second quarter of 2023, highlighting the most common attacks, targets, and other significant trends. The findings show that a lack of multi-factor authentication (MFA) is one of the biggest impediments to enterprise security.
Carrying out ransomware attacks is likely becoming more challenging for hackers due to global law enforcement and industry disruption efforts, though it still saw a rise to 17 percent of engagements. The biggest – and a growing – threat responded to by Talos Incident Response (IR) in Q2, however, was data theft extortion incidents that did not encrypt files or deploy ransomware.
The findings also show that continuing a trend from the first quarter, healthcare remains the most-targeted vertical, accounting for almost a quarter of all incident response engagements, closely followed by financial services. In a reverse of Q1 trends, web-shells engagement – malicious scripts that enable threat actors to compromise web-based servers exposed to the internet – declined.
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers, and MEA, Cisco, said: “People are often the prime target for any cyber-attack; they are the gateway to the central infrastructure of a company or organization. Fortunately, most cyber threats can be overcome with awareness, common sense, and a critical approach to security when moving in cyberspace. We can also stay ahead of the game by leveraging advanced technologies to analyze vast amounts of data in real-time and identify potential threats before they can cause any damage.”
Top Threats Observed in Q2 2023
Data theft: Data theft extortion was the top observed threat this quarter, accounting for 30 percent of Cisco Talos Incident Response (Talos IR) engagements, overtaking web shells, and still ranking above ransomware. The rise in data theft extortion incidents compared to previous quarters is consistent with public reporting on a growing number of ransomware groups stealing data and extorting victims without encrypting files and deploying ransomware.
Ransomware: Ransomware is the second most observed threat for Q2. The Clop ransomware group exploited a significant vulnerability in the MOVEit file transfer software. This has led to many follow-on instances of data theft, with more than 200 companies affected as of early July.
Exploiting public-facing applications: Exploitation of public-facing applications has seen a significant decrease – down to 22 percent (from 45 percent last quarter) of engagements.
Additional Observations
- The report showed that 30 percent of engagements lacked multi-factor authentication or only had it enabled on select accounts and services.
- Observed in over 50 percent of engagements this quarter, PowerShell is a dynamic command line utility that continues to be a popular utility of choice for adversaries.
For more details on Cisco Talos’ Q2 2023 findings, click here.
