According to a recent report by Cisco Talos Incident Response (Talos IR), ransomware and business email compromise (BEC) attacks are affecting businesses more than they have historically.
Nearly two-thirds (60%) of engagements were caused by ransomware and BEC combined. Although there were fewer BEC engagements this quarter than last, Talos noted that the threat posed by BEC was still significant for the second consecutive quarter.
In addition, ransomware accounted for nearly a third (30%) of all engagements this quarter, which is a 25% increase from the same period in 2023 (22%).
Tech Firms In The Crosshairs
Additionally, the researchers noted the first-ever observations of the Mallox and Underground Team ransomware families, indicating an increasing number of threat actors in the market. Concurrently, the ransomware operations of Black Basta and BlackSuit persist in causing chaos to various organisations.
The report pointed out that the bulk of companies that become targets of BEC or ransomware attacks are in the technology sector. This is because these companies have substantial digital assets that support vital infrastructure. They therefore have a low tolerance for downtime and would be more eager to settle the ransom demand and resume operations as soon as feasible.
Moreover, IT companies are frequently perceived as entry points into various other sectors. During the last three months, tech companies accounted for a quarter (24%) of all engagements, with healthcare, pharmaceutical, and retail coming in a close second. Quarter over quarter, attacks on tech companies have increased by 30%.
According to Talos, the vast majority of victims, 80%, were hit by ransomware attacks as a result of improper multifactor authentication (MFA) implementations on crucial systems, such as virtual private networks (VPNs).
The researchers concluded that the remaining victims were hit as a result of either compromised or incorrectly configured systems. Compared to the previous quarter, Talos IR saw a 46% increase in each of these security flaws.