Ransomware has been the first threat to cybersecurity of organizations between April and June of this year, and represented nearly half (46 percent) of all incidents on a global scale.
This is clear from the latest Cisco Talos quarterly report, which places ‘ransonware’ with more than triple the impact of the next most common threat, exploiting vulnerabilities in Microsoft Exchange Server.
The data reveals that the attackers in the second quarter directed the ‘malware’ to a wide range of sectors such as transport, telecommunications, manufacturing and education, with health being the most attacked for the third consecutive quarter and followed by Public Administration.
“There are several reasons that explain the interest of cybercriminals in the health care sector, including the COVID.19 pandemic that encourages victims to pay quickly to restore services as soon as possible,” commented the director of Ciber. Security at Cisco Spain, Ángel Ortiz.
To carry out their attacks, the ‘ransomware’ actors used commercial tools such as Cobalt Strike, open source applications including Rubeus and other tools native to the victims’ device such as PowerShell.
“We frequently see ransomware incidents that could have been prevented by enabling multi.factor authentication on critical services,” Ortiz continued.
Other cyber threats noted in the report are the exploiting known vulnerabilities, mining cryptocurrencies and controlling user accounts– There were also several incidents involving Trojanized USB drives, a longstanding attack vector undetected for years.