Identity-Based Attacks Surge; Ransomware Threats Persist in the Third Quarter of 2024
Identity-based operations were prevalent this quarter, with credential theft being the main goal in 25% of incident response engagements.
Ransomware, pre-ransomware, and data theft extortion accounted for nearly 40% of engagements.
Education, manufacturing, and financial services were the most affected sectors.
Ahead of Black Hat MEA in Riyadh from 26-28 November 2024, Cisco, the worldwide leader in networking and security, released insights into key cybersecurity trends that emerged between July and September 2024. The findings are based on analysis from Cisco Talos, one of the most trusted threat intelligence research teams globally, highlighting a notable increase in identity-based and ransomware attacks.
Over the three-month period, there was a noticeable rise in identity-based attacks, particularly with a focus on stealing credentials, which accounted for 25% of incident response engagements. These types of attacks have become easier to execute, often using readily available tools.
Ransomware incidents also remained a significant concern, making up nearly 40% of engagements. New ransomware variants, including RansomHub, RCRU64, and DragonForce, were observed this quarter, alongside familiar variants like BlackByte and Cerber.
Organizations in the education, manufacturing, and financial services verticals were most affected this quarter, accounting for over 30% of compromises. This trend aligns with what was observed in previous quarters in 2024.
Cisco is participating as a Strategic Sponsor at Black Hat MEA 2024 under the theme “Innovating a New Era of Security,” showcasing its latest innovations in cybersecurity. This year, Cisco is highlighting how it powers and protects the engine of the AI revolution – AI-ready data centres and clouds – to make every application and device secure no matter how they are distributed or connected.
Salman Faqeeh, Managing Director, Cisco Saudi Arabia, commented: “The mounting trends in identity-based attacks and ransomware highlight the evolving nature of cyber threats. At Cisco, we are committed to supporting our customers in strengthening their digital resilience with advanced security solutions.” He added, “Black Hat MEA continues to be a significant platform for us to share latest threat insights and showcase our innovations that prevent identity-based attacks; detect and stop breaches; and close the exploit gap.”
Additionally, Splunk, a Cisco company, will showcase its innovations at the same booth, demonstrating solutions that support the future of Security Operations Centres (SOC) as well as specialized solutions for Operational Technology (OT) environments.
As part of Cisco’s program of events at Black Hat MEA, Lothar Renner, Managing Director, Cisco Security, EMEA, will deliver a keynote address on “Redefining Security in the Age of AI,” emphasizing Cisco’s commitment to innovation and security in an increasingly complex threat environment.
Cisco will be present at booth H1-T20 at the Riyadh Exhibition & Conference Centre in Malham from 26-28 November 2024.
