
Cisco Talos Incident Response Quarterly Trends: Business Email Compromise Emerges as Most Common Threat

Cisco (NASDAQ: CSCO) has released the Talos Incident Response (IR) Quarterly Trends report for Q1 2024, highlighting key insights into the cybersecurity landscape. Developed by Cisco Talos Intelligence Group, the report is designed to help organizations defend against the most common cyberthreats.

Business Email Compromise on the Rise

For the first time in several quarters, Business Email Compromise (BEC) has emerged as the most common threat in Q1 2024. BEC accounted for 46 percent of all Cisco Talos IR engagements, marking a significant increase from Q4 2023. Adversaries often use this tactic to impersonate legitimate business members, sending phishing emails that may contain malicious payloads or orchestrate financial schemes.

Persistent Weaknesses in Multi-Factor Authentication

Cisco’s security researchers identified a new phishing kit named Tycoon 2FA that bypasses multi-factor authentication (MFA). Although it has not yet appeared in Talos IR engagements, it is becoming widespread. Nearly half of all engagements showed weaknesses in MFA, with unauthorized push notification acceptance and improper MFA implementation being the top vulnerabilities.

New Variants of Ransomware Detected

Incidents of ransomware decreased by 11 percent in Q1 2024, making up 17 percent of engagements. New variants of Phobos and Akira ransomware were detected for the first time, along with ongoing threats from LockBit and Black Basta. Akira has resumed using encryption for extortion, targeting both Windows and Linux machines.

Manufacturing: The Most Targeted Sector

Continuing from Q4 2023, manufacturing remained the most targeted sector, representing 21 percent of incident response engagements, followed closely by education. Healthcare, public administration, and technology sectors tied for third. The manufacturing sector's low tolerance for operational downtime makes it a prime target for financially motivated attacks, including BEC, ransomware, and brute-force attacks on VPNs.

Evolving Cyberattack Techniques

The primary method for gaining initial access was the use of compromised credentials, which made up 29 percent of engagements, a 75 percent increase from Q4 2023. Email-hiding inbox rules were the most observed defense evasion technique, representing 21 percent of engagements, likely due to the rise in BEC and phishing.

Cisco’s Proactive Cybersecurity Strategy

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East & Africa, emphasized the importance of a holistic digital security strategy in the face of evolving threats. Cisco leverages advanced technologies, including AI, to help organizations implement proactive cybersecurity measures. Key recommendations include:

  • Multi-Factor Authentication (MFA): Implement MFA, such as Cisco Duo, to secure corporate email accounts and prevent BEC.
  • Endpoint Detection and Response (EDR): Utilize EDR solutions like Cisco Secure Endpoint to detect malicious activities.
  • Threat Detection Signatures: Employ Cisco’s Snort and ClamAV signatures to block known ransomware families like Black Basta and Akira.

In summary, Cisco's Q1 2024 Talos IR report underscores the critical need for robust cybersecurity measures to combat rising threats, particularly BEC, and highlights the importance of MFA and EDR solutions in protecting organizational infrastructure.
