Cisco Announces The Latest Cyber Security Trends


Cisco Talos has released its cybersecurity report for the first quarter of 2023, which compiles the most common attacks, targets and trends. Malicious scripts known as "web shells", which allow threat actors to compromise web-based servers that are open to the internet, account for about 22 percent of cyberattacks.

According to the Cisco Talos report, malicious scripts known as "web shells" accounted for 22 percent of cyberattacks in the first quarter of 2023. In 30 percent of interactions, multi-factor authentication (MFA) was either not enabled at all or enabled only on limited services. The most targeted sector in the first 4 months was the health sector, followed by retail, trade and real estate.

Commenting on the results, Fady Younes, Director of Cisco, EMEA Service Providers and MEA Cybersecurity, said:

“Cybercriminals are gaining more experience by exploiting security loopholes to extend their reach across corporate networks. To prevent a wide range of threats and be in a position to respond to risks in motion, cyber defenders must scale their protection strategies. This means leveraging advanced technologies like automation, machine learning and predictive intelligence to analyze large volumes of data in real time and identify potential threats before they cause any damage.”

Fady Younes also gave the following information about the measures that can be taken:

“As cyber threats increase, organizations must take proactive measures to protect themselves from potential breaches. One of the major barriers to enterprise security is the lack of Zero Trust architecture implementations in many organizations. To prevent unauthorized access to sensitive data, businesses should implement some form of MFA, such as Cisco Duo. Endpoint detection and response solutions such as Cisco Secure Endpoint are also required to detect malicious activity on networks and devices.”

4 major cyber threats observed in the first quarter of 2023

Web shell: Web shell usage accounted for about a quarter of the threats responded to in the first quarter of 2023. Although each web shell had its own core functions, threat actors often chained them together to provide a flexible toolkit for spreading access across the network.

Ransomware: Ransomware accounted for less than 10 percent of interactions, a significant decrease from the 20 percent of interactions in the previous quarter. The sum of ransomware and pre-ransomware attacks accounted for about 22 percent of observed threats.

Qakbot commodity loader: The Qakbot commodity loader was observed this quarter in interactions that used ZIP files containing malicious OneNote documents. Attackers are increasingly using OneNote to spread their malware after Microsoft disabled macros in Office documents by default in July 2022.

Abuse of public-facing apps: Abuse of public-facing applications was the most important initial access vector this quarter, contributing to 45 percent of interactions. In the previous quarter, this rate was 15 percent.

Top targeted sectors: Healthcare, commerce and real estate

The report showed that in 30 percent of interactions, multi-factor authentication was either missing or enabled only on certain accounts and services.

Law enforcement efforts have decimated the activities of major ransomware gangs such as Hive, but this has also created space for new partnerships to be formed.

Healthcare was the most targeted sector this quarter. Retail-trade, real estate, food services and accommodation sectors followed closely.