Ransomware and business email compromise (BEC) attacks are impacting businesses more than ever, according to a new report from Cisco Talos Incident Response (Talos IR).
The report said ransomware and BEC accounted for nearly two-thirds (60%) of attacks combined. There were fewer BEC attacks this quarter compared to the previous quarter, Talos added, noting that it “remains a significant threat for the second consecutive quarter.”
At the same time, ransomware accounted for almost a third (30%) of interactions this quarter, up a quarter (22%) compared to the same period three months ago.
Tech companies in the spotlight
Additionally, researchers observed the Mallox and Underground Team ransomware families for the first time, suggesting that the number of threat actors in the industry continues to grow. At the same time, the Black Basta and BlackSuit ransomware operations continue to wreak havoc among organizations.
Most organizations that fall victim to ransomware or BEC attacks are in the technology sector, according to the report. This is because these companies have extensive digital assets supporting critical infrastructure. As a result, they have a low tolerance for downtime and would be more willing to pay the demanded ransom and get back to work as soon as possible. Additionally, technology companies are also often seen as gateways to other sectors.
Overall, a quarter (24%) of attacks in the past three months were on technology companies, closely followed by those in the healthcare, pharmaceutical and retail sectors. Attacks against technology companies increased by 30% quarter-on-quarter.
Talos says a vast majority (80%) of victims fell victim to ransomware attacks because they did not have proper MFA implementations on critical systems, including virtual private networks (VPNs). The remainder of victims fell victim due to vulnerable or misconfigured systems, the researchers concluded. Talos IR observed a 46% increase in each of these security weaknesses over the previous quarter.