Ransomware remains the most pressing security issue worldwide — but even schools are being targeted now

ID theft
Image credit: Pixabay (Image credit: Future)

After slightly dipping on the list of the biggest cybersecurity threats for 2023, ransomware rose back to the top, a report from cybersecurity researchers Cisco Talos has claimed.

The company's findings say ransomware rose significantly in Q4 2023, with the education sector now one of the biggest targets.

As per the Quarterly Trends report, ransomware and pre-ransomware activity was the most observed threat for Q4 2023, making up more than a quarter (28%) of all Cisco Talos Incident Response engagements. This activity rose by 17%, compared to the third quarter of the year. Notably, the researchers said multiple ransomware operators were active last quarter, but mentioned Play, Cactus, BlackSuit and NoEscape specifically. ALPHV (BlackCat), for example, was “not observed” by Talos IR in this quarter.

Missing MFA

While manufacturing was historically one of the most targeted verticals out there, for this quarter, the score is tied with education, as the two made up almost 50% of the total number of incident response engagements, the report added. 

Usually, the threat actors would either use compromised credentials on valid accounts for initial access, or a flawed public-facing application. Both these methods made up 28% of engagements. Remote access software, such as ScreenConnect, SplashTop and AnyDesk were used in nearly a fourth of engagements this quarter. 

However, there is a relatively simple way to reduce the chances of being attacked by ransomware, the researchers hint. Apparently, the lack of multi-factor authentication (MFA) implementation was the number one security weakness, accounting for more than a third (36%) of all engagements, and “continuing a trend we observed throughout 2023.” In other words, businesses should make sure they activate MFA on employee accounts wherever and whenever possible.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.