Cisco Talos Report: Business Email Compromise Soars in Q1 2024

Cisco has unveiled key insights into the cybersecurity landscape in the first quarter of 2024. The Talos Incident Response (IR) Quarterly Trends report for Q1 2024, produced by Cisco Talos Intelligence Group, aims to help organizations defend against the threats its responders encountered most often.

Business Email Compromise on the Rise
The report indicates that, for the first time in several quarters, business email compromise (BEC) was the most common threat. BEC accounted for 46 percent of all Talos IR engagements in Q1 2024, a sharp rise from Q4 2023. In a BEC attack, adversaries impersonate legitimate members of a business, typically from a compromised or spoofed mailbox, and send phishing emails to other employees or third parties that either deliver a malicious payload or set up a scheme to steal money, such as redirecting an invoice payment.

Weaknesses in Multi-Factor Authentication Persist
In Q1 2024, Cisco's security researchers reported on a new phishing kit called Tycoon 2FA that bypasses multi-factor authentication (MFA) by proxying the victim's login and capturing the authenticated session rather than the password alone. It has since become one of the most widespread phishing kits, although it has yet to appear in any Talos IR engagement. More broadly, attackers frequently tried to bypass the MFA protecting endpoint detection and response (EDR) solutions in order to disable their alerting.

Weaknesses involving MFA were observed in nearly half of engagements. The most common was users accepting unauthorized push notifications (so-called push fatigue or MFA bombing), seen in 25 percent of engagements; the absence of a proper MFA implementation followed closely at 21 percent.
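The push-acceptance weakness is visible in authentication logs before anyone reports it: a burst of push prompts to one user inside a short window, ending in an approval, is the signature of MFA fatigue. The following is an added example, not code from the Talos report; it works on a constructed, simplified JSON-per-line log whose field names (`ts`, `user`, `factor`, `result`, `src_ip`) are assumptions to be mapped onto your identity provider's audit export.

```python
"""Detect MFA push fatigue ("push bombing") in authentication logs.

Added example, not code from the Talos report. The log format is a
constructed, simplified JSON-per-line format; map the field names onto
your IdP's audit export (Duo, Okta and Entra ID all expose equivalents).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: alice is hammered with pushes and finally approves;
# bob receives two ordinary, well-separated prompts.
SAMPLE_LOG = """\
{"ts": "2024-03-04T09:00:05Z", "user": "alice", "factor": "push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2024-03-04T09:00:41Z", "user": "alice", "factor": "push", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2024-03-04T09:01:10Z", "user": "alice", "factor": "push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2024-03-04T09:01:55Z", "user": "alice", "factor": "push", "result": "approved", "src_ip": "203.0.113.7"}
{"ts": "2024-03-04T09:30:00Z", "user": "bob", "factor": "push", "result": "approved", "src_ip": "198.51.100.2"}
{"ts": "2024-03-04T11:00:00Z", "user": "bob", "factor": "push", "result": "approved", "src_ip": "198.51.100.2"}
"""

WINDOW = timedelta(minutes=5)   # how close together prompts must be
THRESHOLD = 3                   # prompts inside WINDOW that count as a burst


def parse(log_text):
    """Parse JSON-per-line records and sort them by timestamp."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return {user: details} for users who received >= threshold push
    prompts within `window`. `approved_after_burst` is True when the most
    recent prompt of the burst was accepted, i.e. the attacker got in."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("factor") == "push":
            per_user[ev["user"]].append(ev)

    alerts = {}
    for user, evs in per_user.items():
        start = 0
        # Sliding window over this user's prompts; the alert recorded is the
        # most recent qualifying burst, which is the one an analyst acts on.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= threshold:
                alerts[user] = {
                    "pushes": len(burst),
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    "approved_after_burst": burst[-1]["result"] == "approved",
                    "src_ips": sorted({e["src_ip"] for e in burst}),
                }
    return alerts


if __name__ == "__main__":
    for user, info in detect_push_fatigue(parse(SAMPLE_LOG)).items():
        print(user, info)
```

Alerting on the burst itself, before the final approval, is what lets an analyst reach the user while they are still declining; the approval flag marks the cases that have already become an incident. Number matching or verified push removes the plain "tap Approve" path that this pattern relies on.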

New Variants of Ransomware Enter the Fold
Ransomware, the top threat in the last quarter of 2023, fell to 17 percent of engagements, 11 points lower than the previous quarter. In Q1 2024, Talos IR responded to new variants of Phobos and Akira ransomware for the first time, alongside the previously seen LockBit and Black Basta operations.

A recent engagement suggests that Akira has returned to using encryption as an additional extortion method, deploying a multipronged strategy that targets both Windows and Linux machines. Cisco's researchers also observed a variety of other threats, including data-theft extortion, brute-force activity against virtual private network (VPN) infrastructure, and the previously seen commodity loader Gootloader.

Manufacturing Remains a Popular Target
Continuing the trend from Q4 2023, manufacturing was the vertical most targeted by attackers in the first quarter, accounting for 21 percent of all incident response engagements, closely followed by education. Healthcare, public administration, and technology tied for third. The report notes a 20 percent increase in manufacturing engagements from the previous quarter.

The manufacturing sector faces unique challenges because of its inherently low tolerance for operational downtime. Q1 2024 saw a wide range of threat activity against manufacturing organizations, including financially motivated attacks such as BEC and ransomware, and brute-force attacks on VPNs.

Evolving Cyberattack Techniques
The most frequent means of initial access was the use of compromised credentials on valid accounts, seen in 29 percent of engagements, a 75 percent increase from Q4 2023. The top observed defense-evasion technique was email-hiding inbox rules, at 21 percent of engagements, likely a consequence of the rise in BEC and phishing: once inside a mailbox, an attacker creates rules that delete incoming replies, security alerts or invoice threads, or move them to a rarely viewed folder, so the account owner does not notice the fraud in progress.
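Those inbox rules leave an audit trail. The following is an added example, not code from the Talos report, that scores inbox-rule creation events for the hallmarks of email hiding: rules that delete mail, move it to rarely viewed folders such as RSS Feeds, match finance or security keywords, forward outside the tenant, or carry a one-character name. The events are constructed; they are modelled on Exchange Online audit records for New-InboxRule and Set-InboxRule but flatten Parameters into a plain dictionary (real records carry Parameters as a list of Name/Value pairs, which you would normalize first), and example.com is assumed to be the organization's own domain.

```python
"""Flag inbox rules typical of BEC email hiding (MITRE ATT&CK T1564.008).

Added example, not code from the Talos report. Events are modelled on
Exchange Online audit records for New-InboxRule / Set-InboxRule, but the
sample is constructed and simplified: Parameters is a flat dict here.
"""
import json

# Folders that attackers pick because users rarely look in them.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items", "notes"}
# Subject/body words that BEC rules typically match to suppress replies
# about payments or warnings about the compromise.
HIDING_KEYWORDS = {"invoice", "payment", "wire", "remittance", "password",
                   "hacked", "phishing", "suspicious", "fraud", "security"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}

# Constructed sample: two rules on the CFO's mailbox, one external forward,
# one benign newsletter rule, and one unrelated audit record.
SAMPLE_EVENTS = """\
{"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.9", "Parameters": {"Name": ".", "SubjectOrBodyContainsWords": ["invoice", "wire"], "MoveToFolder": "RSS Feeds", "MarkAsRead": true}}
{"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.9", "Parameters": {"Name": "cleanup", "From": ["helpdesk@example.com"], "DeleteMessage": true}}
{"Operation": "Set-InboxRule", "UserId": "pat@example.com", "ClientIP": "198.51.100.4", "Parameters": {"Name": "Fwd to personal", "ForwardTo": ["pat.home@gmail.example"]}}
{"Operation": "New-InboxRule", "UserId": "sam@example.com", "ClientIP": "198.51.100.5", "Parameters": {"Name": "Newsletters", "From": ["news@vendor.example"], "MoveToFolder": "Newsletters"}}
{"Operation": "MailItemsAccessed", "UserId": "sam@example.com", "ClientIP": "198.51.100.5", "Parameters": {}}
"""


def rule_findings(event, internal_domains=("example.com",)):
    """Return the reasons (possibly none) an inbox-rule event looks like
    email hiding. `internal_domains` is an assumed tenant domain list."""
    p = event.get("Parameters", {})
    reasons = []
    if p.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = str(p.get("MoveToFolder", "")).lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely viewed folder '{p['MoveToFolder']}'")
    words = {w.lower() for w in p.get("SubjectOrBodyContainsWords", [])
             + p.get("SubjectContainsWords", [])}
    hit = sorted(words & HIDING_KEYWORDS)
    if hit:
        reasons.append(f"matches finance/security keywords {hit}")
    for addr in (p.get("ForwardTo", []) + p.get("RedirectTo", [])
                 + p.get("ForwardAsAttachmentTo", [])):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            reasons.append(f"forwards outside the tenant to {addr}")
    name = str(p.get("Name", "")).strip()
    if len(name) <= 1:
        reasons.append("rule name is empty or a single character")
    # Marking hidden mail as read removes the unread badge that might
    # otherwise draw the user's eye to the folder.
    if p.get("MarkAsRead") and reasons:
        reasons.append("also marks mail as read, hiding new-mail indicators")
    return reasons


def audit_inbox_rules(log_text):
    """Scan JSON-per-line audit records and return one finding per
    suspicious rule-creation or rule-change event."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("Operation") not in RULE_OPS:
            continue
        reasons = rule_findings(ev)
        if reasons:
            findings.append({"user": ev["UserId"],
                             "client_ip": ev.get("ClientIP"),
                             "rule": ev["Parameters"].get("Name"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_inbox_rules(SAMPLE_EVENTS):
        print(f["user"], f["rule"], f["client_ip"], "; ".join(f["reasons"]))
```

The benign newsletter rule produces no finding, while the CFO's one-character rule trips four checks at once; in practice the client IP on a rule-creation event is worth correlating with the compromised-credential logins the report describes, since the rule is usually created minutes after the attacker first signs in.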

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East & Africa, says, “We have seen significant changes in the way attackers approach their malicious activities since last year. In this complex landscape full of rapidly evolving threats, a holistic digital security strategy that focuses on proactive cybersecurity measures is of critical importance. At Cisco, we are leveraging cutting-edge technologies, including AI, to help organizations embed advanced security controls across their infrastructure to prevent, detect, and effectively respond to all forms of cyberattacks.”

Implementing MFA together with single sign-on helps ensure that only trusted parties can access corporate email accounts, limiting the spread of BEC. Lack of MFA remains among the biggest impediments to enterprise security, and all organizations should implement some form of it, such as Cisco Duo. EDR solutions like Cisco Secure Endpoint can detect malicious activity on organizations' networks and machines. In addition, Cisco's Snort and ClamAV signatures can block many of the well-known ransomware families distributed in Q1 2024, such as Black Basta and Akira.

GISEC Global 2025: Phishing, Data Breaches, Ransomware, and Supply Chain Attacks Causing Challenges

Maher Jadallah, the Vice President for Middle East and North Africa at Tenable, says effective exposure management requires a unified view of the entire attack surface (more…)

GISEC Global 2025: A Place Where Innovation, Partnerships, and Leadership Come Together

Meriam ElOuazzani, the Senior Regional Director for META at SentinelOne, says, the company will showcase its latest developments in AI-powered security solutions, reinforcing its position as a leader in this area (more…)

Cequence Intros Security Layer to Protect Agentic AI Interactions

Cequence Security has announced significant enhancements to its Unified API Protection (UAP) platform to deliver a comprehensive security solution for agentic AI development, usage, and connectivity. This enhancement empowers organizations to secure every AI agent interaction, regardless of the development framework. By implementing robust guardrails, the solution protects both enterprise-hosted AI applications and external AI APIs, preventing sensitive data exfiltration through business logic abuse and ensuring regulatory compliance.

There is no AI without APIs, and the rapid growth of agentic AI applications has amplified concerns about securing sensitive data during their interactions. These AI-driven exchanges can inadvertently expose internal systems, create significant vulnerabilities, and jeopardize valuable data assets. Recognizing this challenge, Cequence has expanded its UAP platform with an enhanced security layer that governs interactions between AI agents and backend services. The new layer enables customers to detect and prevent AI crawlers, such as OpenAI's ChatGPT and Perplexity, from harvesting organizational data.

Internal telemetry across Global 2000 deployments shows that the overwhelming majority of AI-related bot traffic, nearly 88%, originates from large language model infrastructure, with most requests obfuscated behind generic or unidentified user agents. Less than 4% of this traffic is transparently attributed to bots like GPTBot or Gemini. Over 97% of it comes from U.S.-based IP addresses, highlighting the concentration of risk in North American enterprises. Cequence’s ability to detect and govern this traffic in real time, despite the lack of clear identifiers, reinforces the platform’s unmatched readiness for securing agentic AI in the wild.

Key enhancements to Cequence’s UAP platform include:

  • Block unauthorized AI data harvesting: Understanding that external AI often seeks to learn by broadly collecting data without obtaining permission, Cequence provides organizations with the critical capability to manage which AI, if any, can interact with their proprietary information.
  • Detect and prevent sensitive data exposure: Empowers organizations to effectively detect and prevent sensitive data exposure across all forms of agentic AI. This includes safeguarding against external AI harvesting attempts and securing data within internal AI applications. The platform’s intelligent analysis automatically differentiates between legitimate data access during normal application usage and anomalous activities signaling sensitive data exfiltration, ensuring comprehensive protection against AI-related data loss.
  • Discover and manage shadow AI: Automatically discovers and classifies APIs from agentic AI tools like Microsoft Copilot and Salesforce Agentforce, presenting a unified view alongside customers’ internal and third-party APIs. This comprehensive visibility empowers organizations to easily manage these interactions and effectively detect and block sensitive data leaks, whether from external AI harvesting or internal AI usage.
  • Seamless integration: Integrates easily into DevOps frameworks for discovering internal AI applications and generates OpenAPI specifications that detail API schemas and security mechanisms, including strong authentication and security policies. Cequence delivers powerful protection without relying on third-party tools, while seamlessly integrating with the customer’s existing cybersecurity ecosystem. This simplifies management and security enforcement.

“Gartner predicts that by 2028, 33% of enterprise software applications will include agentic AI, up from less than 1% in 2024, enabling 15% of day-to-day work decisions to be made autonomously. We’ve taken immediate action to extend our market-leading API security and bot management capabilities,” said Ameya Talwalkar, CEO of Cequence. “Agentic AI introduces a new layer of complexity, where every agent behaves like a bidirectional API. That’s our wheelhouse. Our platform helps organizations embrace innovation at scale without sacrificing governance, compliance, or control.”

These extended capabilities will be generally available in June.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.