Cisco revealed the company’s security insights as observed in the latest Cisco Talos annual report, titled ‘Cisco Talos: Year in Review 2022’. The report delves into several major trends across the threat landscape in 2022, as well as new behaviors from commodity loaders that will continue to be present in 2023 and beyond.
Commenting on the report’s findings, Fady Younes, Cybersecurity Director, EMEA Service Providers and MEA, Cisco, said: “Cybercrime remains a clear and present danger that cannot be ignored, for individuals and organizations. Last year, we saw cyber-attacks being highly coordinated, and far more advanced than ever before. Our presence at GISEC this year provides us with the perfect platform to engage with our customers and industry leaders and explore ways to drive the fightback against increasingly dynamic and sophisticated cyber threats.”
The report is compiled by Cisco Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world, composed of world-class cyber security researchers. Their findings show that the intensity of ransomware, information theft, commodity malware, and exploitation of known vulnerabilities decreased significantly worldwide between February and June, as threat actors focused on the Russia-Ukraine attack space. After a short break, organized cybercrime came back stronger than before in the second half of the year, with top threats in 2022 including:
Ransomware: In 2022, ransomware continued to be a significant threat to organizations across the globe, with ransomware attacks making up nearly 20 percent of threats. The threats have been observed to be more sophisticated, and the attacks can cause severe disruptions to business operations, result in data loss, and damage a company’s reputation. Ransomware groups heavily targeted the education sector, as these institutions are considered high-value targets, especially since they have a low tolerance for downtime.
APT groups: Advanced Persistent Threat (APT) groups have expanded their operations over the past year, with state-sponsored actors increasingly using supply chain attacks, zero-day vulnerabilities, and social engineering tactics to gain access to target systems and networks.
Log4j: The vulnerability in the Apache software’s Log4j shared library continued to be highly targeted by threat actors throughout 2022. Attempts to exploit this vulnerability have remained consistently high, with attacks over the past year being attributed to a variety of actors, ranging from simple cybercriminals to professionally organized APT groups.
In 2023, it has become crucial to ensure that robust and multi-layered security strategies are in place to prevent, detect, and respond to ransomware attacks effectively. The report also emphasizes the need for organizations to prioritize employee education and awareness programs to ensure that everyone in the organization understands the risks of ransomware and knows how to respond in case of an attack. Sharing threat intelligence and collaborating with industry peers, government agencies, and cybersecurity vendors will also assist in improving collective defense against APT groups.