Ransomware has ceased to be the main cyber-threat for companies, for the first time in the last 18 months, going from 25% of all threats to 15% between April and June of this year. This is clear from the latest Cisco Talos report, which highlights that ‘commodity malware’ became the most frequent threat to which Cisco Talos Incident Response responded during the second quarter, accounting for 20% compared to 15% for ransomware . The data also reveals that cybercriminals targeted malware at a wide range of sectors such as transportation, manufacturing and public administration, with telecommunications being the most targeted and followed by education and health.
factors of change
According to research by Cisco Talos, this change is likely due to various factors, such as the cessation of activity of some ransomware groups -either due to internal fracture or the actions of security forces- and the resurgence of certain Trojans. based on e-mail such as Remcos, Vidar, Redline and Qakbot/Qbot (the latter a well-known banking Trojan). Phishing, Business Email Compromise, and Advanced Persistent Threats (APTs) complete the list of featured malware.
Common Malware Displaces Ransomware
Despite the decline in activity, high-profile ransomware-as-a-service (RaaS) groups including Conti – likely renamed ‘Black Basta’ – and BlackCat have continued to act, targeting organizations purportedly capable of affording large payouts. In fact, LockBit ransomware released a new version that includes more cryptocurrency payment options. Cisco Talos has also continued to detect social engineering techniques to entice users to click or execute a certain link or file. And although the main target country for cyber-criminals continues to be the United States, cyber-attacks targeting companies and administrations in Europe, Asia, North America and the Middle East continue.