The second quarter of 2024 saw a surge in cyber attacks, with business email compromise (BEC) and ransomware being the primary threats, as reported by Cisco Talos Incident Response (Talos IR). These attacks accounted for 60% of all recorded cases.
Although the number of BEC attacks decreased compared to the previous quarter, they still pose a significant threat. Meanwhile, ransomware attacks rose slightly, with Mallox and Underground Team emerging as new threats alongside Black Basta and BlackSuit.
Compromised credentials for valid accounts were the primary method of initial access, observed in 60% of cases and representing a 25% increase from the previous quarter.
Technology companies were the most targeted sector, accounting for 24% of all incidents, followed by healthcare, pharmaceuticals, and retail. The technology sector experienced a 30% increase in attacks: these companies underpin many other industries, which makes them attractive targets for cybercriminals.
There was also a rise in attacks on network devices, comprising 24% of cases, which included password cracking, vulnerability scanning, and exploitation.
BEC attacks continued to rise, with attackers compromising business email accounts and using them to send phishing emails that steal confidential information, such as credentials. Tactics like fake financial requests and SMS phishing (“smishing”) were employed to deceive employees.
Ransomware attacks made up 30% of all incidents, marking a 22% increase from the previous quarter. Groups like Mallox, Underground Team, Black Basta, and BlackSuit were active, and 80% of these attacks exploited the absence of multifactor authentication on critical systems.
Mallox’s attacks involved infecting and encrypting Microsoft SQL servers without leaving any traces, combined with double extortion. Underground Team used SSH for lateral movement and reactivated dormant Active Directory accounts to escalate privileges and encrypt critical systems.
Black Basta and BlackSuit continued to use compromised credentials for access and persistence in networks, often employing legitimate tools to evade detection.
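The reactivation of dormant Active Directory accounts described above leaves a distinctive trail in Windows Security logs: event 4725 (account disabled) long before, then 4722 (account enabled) followed within minutes by a group-membership change (4728/4732/4756) that drops the account into a privileged group. The script below is an added example of that detection logic, not code from the Talos report; it runs over a few constructed JSON log lines embedded inline, and the account names, timestamps and the one-hour / 30-day thresholds are assumptions chosen for the example.

```python
"""Flag dormant AD accounts that are re-enabled and then granted privileged group membership.

Added example, not part of the Talos IR report. Event IDs are the standard Windows
Security IDs: 4725 = account disabled, 4722 = account enabled, 4728/4732/4756 =
member added to a global/local/universal security group.
"""
import json
from datetime import datetime, timedelta

# Constructed sample events for this example; a real feed would come from a SIEM export.
SAMPLE_LOG = """
{"ts": "2024-05-02T09:15:00", "event_id": 4725, "target": "svc_backup", "subject": "admin.jane"}
{"ts": "2024-06-20T02:10:12", "event_id": 4722, "target": "svc_backup", "subject": "helpdesk01"}
{"ts": "2024-06-20T02:11:40", "event_id": 4728, "target": "svc_backup", "subject": "helpdesk01", "group": "Domain Admins"}
{"ts": "2024-06-20T10:00:00", "event_id": 4722, "target": "new.hire", "subject": "admin.jane"}
{"ts": "2024-06-21T11:00:00", "event_id": 4732, "target": "new.hire", "subject": "admin.jane", "group": "Remote Desktop Users"}
"""

DISABLED, ENABLED = 4725, 4722
GROUP_ADD = {4728, 4732, 4756}
# Groups whose membership implies domain- or host-level administrative control (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins"}


def parse_events(text):
    """Parse one JSON object per line into dicts with a datetime 'ts', sorted chronologically."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def find_reactivation_escalations(events, window=timedelta(hours=1), dormant_days=30):
    """Return one alert per account that was disabled for at least `dormant_days`,
    re-enabled, and then added to a privileged group within `window` of the enable."""
    disabled_at = {}   # account -> time of last 4725
    enabled_at = {}    # account -> (time of 4722, was_dormant, who enabled it)
    alerts = []
    for ev in events:
        acct = ev["target"]
        if ev["event_id"] == DISABLED:
            disabled_at[acct] = ev["ts"]
        elif ev["event_id"] == ENABLED:
            # Only accounts with a recorded disable long enough ago count as dormant.
            dormant = acct in disabled_at and (ev["ts"] - disabled_at[acct]) >= timedelta(days=dormant_days)
            enabled_at[acct] = (ev["ts"], dormant, ev["subject"])
        elif ev["event_id"] in GROUP_ADD and acct in enabled_at:
            t_enabled, dormant, enabler = enabled_at[acct]
            if dormant and ev.get("group") in PRIVILEGED_GROUPS and ev["ts"] - t_enabled <= window:
                alerts.append({
                    "account": acct,
                    "group": ev["group"],
                    "enabled_by": enabler,
                    "added_by": ev["subject"],
                    "seconds_between": int((ev["ts"] - t_enabled).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_reactivation_escalations(parse_events(SAMPLE_LOG)):
        print(f"ALERT: {alert['account']} re-enabled by {alert['enabled_by']} and added to "
              f"{alert['group']} by {alert['added_by']} after {alert['seconds_between']}s")
```

The second account in the sample (`new.hire`) is enabled and later added to a non-privileged group with no prior disable on record, so it is correctly not flagged; in production the same logic should also require that the enabling principal is an expected identity-administration account, since legitimate tooling is exactly what these groups hide behind.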
Attacks on network devices increased, with cybercriminals leveraging vulnerabilities like CVE-2018-0296 and CVE-2020-3259 for unauthorized access.