Home Industry Cisco Cisco says threat actors still...
Cisco
Business Fortune
11 January, 2024
One of the most prominent cybersecurity news stories of the year involved the exploitation of a flaw in Progress Software's MOVEit file transfer application.
But as in prior years, older security holes in widely used applications were the most targeted vulnerabilities, according to Cisco Systems.
Cisco's Talos threat intelligence division stated in its annual Year in Review report that this further demonstrates threat actors' preference to target unpatched systems that have the potential to cause significant disruptions.
The vulnerabilities had plenty of time to have been patched because they were frequently older than ten years. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) actually noted that four of the top five most targeted vulnerabilities have also been often exploited in previous years.
The report states that the majority of the vulnerabilities, seven of which have the highest "critical" score from the Common Vulnerability Scoring System (CVSS), would have a significant impact if exploited.
According to the research, ransomware remained a concern to businesses throughout the world in 2023, with LockBit continuing to be the leading threat for the second consecutive year. This year, adversaries continued to target organizations with limited financing for cybersecurity and a low tolerance for downtime, with the healthcare sector being the most targeted sector.
Nonetheless, the paper notes that some ransomware groups, like Clop/Cl0p, the group responsible for the MOVEit exploits, released a set of zero-day exploits, a behavior typically linked to advanced persistent threat (APT) activity. Additionally, a new style of ransomware attackers threatening to release private data and relying solely on extortion has arisen, bypassing encryption completely.
Low-skilled actors were able to enter the market at the same time, the report continues, thanks to the release of ransomware source code.