Quarterly report: Incident Response trends in Summer 2020

By David Liebenberg and Caitlin Huey.

For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in observations of attacks leveraging commodity trojans. Email remained the top infection vector, though we observed increased compromises of remote desktop services (RDS) as well as Citrix devices and Pulse VPN. One of the more interesting trends this quarter was the role of the COVID-19 pandemic. We did not observe any engagements in which COVID-19 was used in an attack. However, CTIR has observed the pandemic impacting organizations, affecting their ability to respond to and contain cybersecurity incidents.

For additional information, you can also check out our full summary here.

Targeting 


A wide variety of verticals were once again targeted, including energy and utilities, financial services, government, health care, industrial distribution, manufacturing, retail, technology, telecommunications, and transportation. The top targeted verticals were health care and technology, a change from last quarter when the top targeted verticals were ..
