Talos Incident Response year-in-review for 2021


By David Liebenberg

Cisco Talos Incident Response (CTIR), like everyone else in the cybersecurity world, handled a bevy of threats last year: responders faced an expanding set of ransomware adversaries and several major cybersecurity incidents affecting organizations worldwide, all against the backdrop of the global pandemic, which brought its own set of cybersecurity challenges. In lieu of the regular incident response quarterly trends blog this quarter, this report looks at trends that emerged throughout 2021. Our findings reveal that:

- Health care was the most targeted industry vertical for the vast majority of the year.
- Ransomware was the clear top threat throughout 2021.
- The most commonly observed initial vectors included exploitation of internet-facing applications and phishing attacks.
- CTIR dealt with four major security incidents:
  - The SolarWinds supply chain attack.
  - Mass exploitation of Microsoft Exchange Server vulnerabilities.
  - REvil's attack against IT solutions provider Kaseya.
  - The discovery of the Log4j vulnerability.

Of these four, the Microsoft Exchange vulnerabilities appear to be the most impactful for CTIR customers so far, as we have continued to see incidents leveraging Exchange this winter.

Targeting

Health care was the top targeted vertical throughout the majority of 2021, with the only exception being the fall, in which the top targeted vertical was local government. We

Read More: http://blog.talosintelligence.com/2022/01/talos-incident-response-year-in-review.html