Commodity malware outpaced ransomware attacks in the second quarter of 2022

Cisco Talos, one of the world’s largest private threat intelligence teams, has released its latest quarterly report that examines incident response trends and global cyber threats.

According to the report, during the months of April, May and June 2022 (that is the second quarter), commodity malware outpaced ransomware for the first time in more than a year, comprising 20 percent of the threats observed, followed by ransomware, phishing, business email compromise (BEC) and advanced persistent threats.

This quarter mainly saw an increase in commodity malware threats, widely available for purchase or download. This type of malware is typically not customised and is used by a variety of actors to deliver additional threats in various stages of their operation and/or to deliver additional threats. Cisco Talos also observed ongoing Qakbot activity, which leverages thread hijacking, allowing threat actors to use compromised email accounts to insert malicious replies into the middle of existing email conversations.

(TOP: Fady Younes, Cisco Cybersecurity Director, EMEA Service Providers and MEA).

Compared to previous years, ransomware made up a smaller portion, comprising 15 percent of all threats, compared with 25 percent last quarter. The drop is attributed to various factors including the closure of several ransomware groups, whether it be of their own volition or the actions of global law enforcement agencies and governments.

Targeted Industries:

The top-targeted industry continues to be telecommunications, following a trend where it was among the top targeted sectors in Q4 2021 and Q1 2022, closely followed by organisations in the education and healthcare sectors.

Other targeted verticals include financial services, local government, food services, retail, automotive, information technology, production and manufacturing. Meanwhile, the United States continues to be the top targeted country followed by Europe, Asia, North America and Middle East.

Commenting on the report’s findings, Fady Younes, Cisco Cybersecurity Director, EMEA Service Providers and MEA, said: “Organisations across countries of the Middle East and Africa hold a huge amount of sensitive data that is prone to cyber threats and needs to be secured. With cyberattacks becoming more sophisticated, the demand for comprehensive cybersecurity solutions is increasing.” He added: “Cisco is uniquely positioned to support governments and businesses of all sizes and across industries in our region, addressing the cyber security challenges they are facing, and helping them increase their security resilience.”

In order to protect from these threats, Cisco highly recommends organisations to implement multi-factor authentication (MFA), such as Cisco Duo, on all critical services. Endpoint detection and response solutions like Cisco Secure Endpoint are also key to detecting malicious activity across machines and networks. Cisco Secure Firewall can help protect from commodity trojans and malware such as Qakbot, while Cisco Secure Email and Secure Malware Analytics can help protect users from from targeted phishing emails and business email compromise, which adversaries commonly used this quarter.


Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.