Cisco Talos Blog

January 24, 2024 08:00

IR Q4 2023 trends: Significant increase in ransomware activity found in engagements, while education remains one of the most-targeted sectors

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

October 24, 2023 08:00

Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.

July 26, 2023 08:00

Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical

Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.

April 26, 2023 08:00

Quarterly Report: Incident Response Trends in Q1 2023

In 45 percent of engagements, attackers exploited public-facing applications to establish initial access, a significant increase from 15 percent the previous quarter.

January 26, 2023 04:00

Quarterly Report: Incident Response Trends in Q4 2022

Ransomware continued to be a top threat Cisco Talos Incident Response (Talos IR) responded to this quarter, with appearances from both previously seen and newly observed ransomware families.

October 25, 2022 08:00

Quarterly Report: Incident Response Trends in Q3 2022

A lack of MFA remains one of the biggest impediments to enterprise security.

July 26, 2022 10:03

Quarterly Report: Incident Response Trends in Q2 2022

For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomwa

May 10, 2022 10:00

Talos Incident Response added to German BSI Advanced Persistent Threat response list

Cisco Talos Incident Response is now listed as an approved vendor on the Bundesamt für Sicherheit in der Informationstechnik (BSI) Advanced Persistent Threat (APT) response service providers list [https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Dienst

April 26, 2022 09:11

Quarterly Report: Incident Response trends in Q1 2022

Ransomware continues as the top threat, while a novel increase in APT activity emerges Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-revie