Cryptominers, ransomware among top malware in IR engagements in Q4
By David Liebenberg and Kendall McKay.

This summer’s most popular malware families were commonly seen, unsophisticated attacks, with phishing being the top infection vector, according to Cisco Talos Incident Response (CTIR) data. In addition to threat actors repeatedly deploying common threats like ransomware as final payloads, we found that adversaries also leveraged similarly well-known open-source frameworks post-compromise to enable activities such as traversing victim networks, reaching out to command and control (C2) nodes, and exfiltrating data. These findings indicate that organizations across a variety of industry verticals continue to face challenges in defending against common threats and attack methods, most of which have the potential to cause critical damage if not detected and remediated quickly and effectively.

The discoveries outlined in this blog were observed during CTIR engagements between May and July, which corresponds to Cisco’s fourth quarter in fiscal year 2019. These reports, which we plan to publish quarterly, are intended to provide executives and network defenders with regular updates and analysis on the threat landscape.

Top threats
The top threats that we observed between May and July included ransomware, commodity banking malware such as Emotet and Trickbot, and illicit cryptocurrency miners. Although adversaries’ use of ransomware initially appeared to slow down following the rise of cryptocurrency miners, ransomware was by far the most commonly observed threat in incident response engagements during the time period in question. We also frequently saw commodity banking trojans acting as a dropper for ransomware.

Ransomware
Based on our findings, ransomware was the most common threat affecting organizations, with Ryuk being the mo ..