Cisco Talos has released its Quarterly Trends report. The report examines cyber threat trends in the first quarter of 2022. While ransomware remained the top threat, as it has for the past two years now, Cisco observed an increase in engagements involving advanced persistent threat (APT) activity. This included Iranian state-sponsored MuddyWater APT activity, China-based Mustang Panda activity leveraging USB drives to deliver the PlugX remote access trojan (RAT), and a suspected Chinese adversary dubbed “Deep Panda” exploiting Log4j.
Cybercriminals targeted a broad range of verticals, including education, energy, financial services, health care, industrial production and equipment, local government, manufacturing, real estate, telecommunications, and utilities. Telecommunications became the most affected industry, closely followed by organizations in the education and government sectors.
Commenting on the report, Fady Younes, Cybersecurity Director, EMEAR Service Provider and MEA, said: “In 2021, the most attacked sector monitored by Talos was health care. However, cybercriminals have shifted their focus over the last 12 months. Given that telecom companies operate critical infrastructure and store large amounts of sensitive data, this sector is expected to remain a key target.”
Ransomware continued to comprise the majority of threats Cisco Talos responded to. No single ransomware family was observed twice in incidents in the first quarter of 2022, which is indicative of a trend toward greater democratization of ransomware adversaries that Talos began observing last year. This quarter also saw the appearance of emerging ransomware families, including Cerber (aka CerberImposter), Entropy and Cuba. Additional high-profile ransomware families included Hive and Conti.
Log4j exploitation was the second most common cybersecurity threat during the quarter behind ransomware, indicating a growing risk despite a patch being available. Cisco experts observed adversaries capitalizing on organizations’ lack of up-to-date patches and improper data protections.
Cisco’s top recommendation for defending digital environments is to use preventive Zero Trust access controls to verify user trust and device trust, as well as to apply access controls for every application. Zero Trust access controls for the workforce are an effective approach to preventing adversaries from gaining unwanted and unauthorized access. Talos routinely sees threat activity that could have been prevented if Zero Trust access controls for users and their devices (laptops, mobiles, and tablets) had been enabled.