For the third quarter in a row, healthcare was the sector most targeted by cyber attacks of all types, while government was the second most targeted, according to Cisco Talos’ Quarterly Report for Q2 2021. “There are many reasons why actors continue to target the health sector, including the COVID-19 pandemic encouraging victims to pay to restore services as quickly as possible,” the report says.
Although ransomware was not the most dominant threat in the previous quarter (January/March), experts assume this was due to a large increase in the exploitation of Microsoft Exchange, which temporarily became a major focus for the Cisco Talos Incident Response (CTIR) teams: “We believe that ransomware would soon return to its most watched threat position. That’s because ransomware cases have exploded this quarter, covering nearly half of all incidents, underscoring that it remains one of the top threats aimed at businesses.”
Although ransomware was the main threat, there were few reports of trojan usage in the quarter. Ransomware actors continued to use commercial tools such as Cobalt Strike and open source tools including Rubeus, as well as tools native to the victim’s machine, such as PowerShell.
However, the quarter also demonstrated the continuation of an encouraging trend: there were several pre-ransomware events in which timely detection, along with rapid remediation efforts by CTIR and the victim organization, led to incident containment before encryption could take place.
The actors targeted a wide range of vertical sectors, including transportation, utilities, healthcare, government, telecommunications, technology, machinery, chemical distribution, manufacturing, education, real estate and agriculture. The healthcare sector was the most targeted of all verticals for the third straight quarter, with government being the second most targeted. There are many reasons why actors continue to target the health sector, including the COVID-19 pandemic encouraging victims to pay to restore services as quickly as possible.