Why tech firms are a soft target for ransomware attacks
What's the story
Ransomware and business email compromise attacks (BEC) are increasingly targeting businesses, as revealed by a recent report from Cisco Talos Incident Response. The report reveals that these two types of cyber threats accounted for nearly 60% of all security incidents. Technology firms remain the most vulnerable to these attacks. Despite a slight decrease in BEC incidents in this quarter compared to the last, the report stressed that it is "still a major threat for the second quarter in a row."
Targets
Tech firms seen as goldmines by cybercriminals
Technology firms are the most frequent victims of ransomware and BEC attacks, largely due to their extensive digital assets, critical infrastructure support, and minimal tolerance for downtime. These factors often lead tech firms to pay ransom demands promptly to resume operations. Additionally, these companies are often targeted as gateways into other industries. In the past quarter, tech firms accounted for 24% of engagements, closely followed by healthcare, pharma and retail sectors.
Rising threats
Ransomware attacks have increased in this quarter
According to the report, ransomware attacks accounted for nearly 30% of engagements this quarter, a significant increase from the previous quarter's 22%. The report also highlighted the emergence of new ransomware families, Mallox and Underground Team, indicating an expanding number of threat actors. Black Basta and BlackSuit ransomware operations continue to cause substantial disruption among organizations.
Security flaws
Poor security measures lead to increased ransomware attacks
Cisco Talos Incident Response report identified inadequate multi-factor authentication (MFA) implementations on critical systems, including virtual private networks (VPN), as the primary reason for 80% of ransomware victims. The remaining victims were compromised due to vulnerable or misconfigured systems. The report noted a 46% increase in these security weaknesses from the previous quarter, highlighting the need for improved cybersecurity measures.