In a recent report by cybersecurity researchers at Cisco Talos, the resurgence of ransomware has catapulted it back to the forefront of the biggest cybersecurity threats for Q4 2023.
The findings reveal a significant spike in ransomware incidents during the fourth quarter, with a noteworthy focus on the education sector emerging as a prime target.
It only means one thing: schools need to tighten their security and improve preventive measures to avoid falling victim to the ransomware threat actors.
Ransomware Dominates Q4 2023
According to Cisco Talos' Quarterly Trends report, the fourth quarter of 2023 witnessed a substantial surge in ransomware and pre-ransomware activities. This category constituted more than a quarter (28%) of all engagements in Cisco Talos Incident Response, reflecting a notable 17% increase compared to the previous quarter.
Among the active ransomware operators, Play, Cactus, BlackSuit, and NoEscape were specifically highlighted, while ALPHV (BlackCat) remained absent during this period.
The trend among ransomware groups keeps on changing as researchers continue their pursuit of fraudulent activities.
Cisco Talos also indicated that the most targeted sector last year was healthcare and public health sector, followed by public administration, and manufacturing.
Related Article: Severe Cisco Flaws Can Allow Threat Actors to Remotely Attack Software Via Malware
Education and Manufacturing in the Crosshairs
Traditionally, manufacturing stood as one of the most targeted sectors, but in a surprising discovery, it now shares the spotlight with education. Together, these two sectors accounted for nearly 50% of the total incident response engagements in the quarter.
Threat actors demonstrated a preference for employing compromised credentials on valid accounts or exploiting flaws in public-facing applications, constituting 28% of engagements, per TechRadar. Notably, remote access software like ScreenConnect, SplashTop, and AnyDesk played a role in almost a quarter of incidents.
Strengthening Defenses: The MFA Imperative
Amid the evolution of threats, the report recommends a straightforward method to enhance cybersecurity defenses against ransomware attacks. The absence of multi-factor authentication (MFA) implementation emerged as the primary security weakness, contributing to more than a third (36%) of all engagements.
Furthermore, this trend persisted throughout 2023, emphasizing the critical importance of activating MFA on employee accounts as a strategic defense measure.
It only goes to show that having reliable security protection is the way to safeguard your device and data against ransomware attackers. In case you have a weak MFA implementation, your chances of getting hit by any security incidents will only go higher.
In other news, Bleeping Computer reported that ransomware threat actors attacked the Kansas City Public Transportation Authority (KCATA).
Based on the investigation, the Medusa ransomware gang was the responsible group behind the incident. As of Jan. 27, the outlet wrote that the hackers allegedly posted the data from KCATA. This could mean that the hackers had already published the sensitive information on the dark web.
As for its demand, the group was asking KCATA to pay them $2,000,000 in exchange for not leaking the stolen data. Medusa even offered an alternative to KCATA by paying them a daily ransom of $100,000.
