In the second quarter of 2024, ransomware and business email compromise (BEC) attacks dominated the cybersecurity landscape, accounting for 60% of all reported cyber incidents, according to a recent Cisco Talos report. This substantial rise underscores a significant shift in the threat landscape, with ransomware alone comprising 30% of the total incidents—a 22% increase from the previous quarter. BEC attacks, though showing a decline to 30% from 50% in Q1 2024, continue to pose a significant threat, impacting various sectors by exploiting compromised business email accounts to facilitate phishing and fraudulent financial requests.
The technology sector was notably the most targeted, representing 24% of incidents, a dramatic 30% increase from the previous quarter. This surge highlights a strategic shift by attackers who view technology firms as critical entry points into other industries and essential infrastructure. The report reveals that technology firms’ central role in servicing a wide array of industries makes them prime targets for cybercriminals aiming to gain access to broader networks and data.
The Cisco Talos report also identifies compromised credentials as the most common method of initial access, accounting for 60% of breaches—an increase of 25% from the first quarter of 2024. A significant factor contributing to this vulnerability is the widespread lack of multi-factor authentication (MFA) on critical systems, including VPNs. In 80% of ransomware engagements analyzed, inadequate MFA implementation made it easier for attackers to gain initial access and maintain persistence within targeted networks.
BEC attacks, which involve phishing and fraudulent financial requests from compromised email accounts, have drawn on a varied range of tactics. These include smishing attacks (fraudulent text messages designed to harvest personal information) and sophisticated phishing schemes targeting personal email accounts to bypass MFA. Despite a decrease in BEC incidents compared to the previous quarter, the report emphasizes that attackers continue to evolve their techniques, underscoring the need for robust security measures and vigilant monitoring to counteract these persistent threats.