Cisco Talos Intelligence Group has released its annual report, titled ‘Cisco Talos: Year in Review 2023’. The report highlights the most common attacks, targets, and other significant trends across the threat landscape in 2023.
The findings show that suspicious network traffic captured by Cisco Security products revealed sharp increases in activity often corresponded with major geopolitical events and global cyberattacks. The report also revealed that LockBit maintained its position as the top global ransomware threat for the second consecutive year, with healthcare emerging as the primary target due to funding constraints and low downtime tolerance.
Commenting on the report’s findings, Fady Younes, Senior Director for Cybersecurity at Cisco in the Middle East and Africa, said: “Talos yearly report contains a wealth of insights about how the threat landscape has shifted. With the complexity of cybercrimes that is mounting every year, we are proud of Cisco’s global presence and Talos’ world-class expertise that is providing us with a massive amount of data to research — endpoint detections, incident response engagements, network traffic, and much more. This data is available for our customers and partners to support our efforts in strengthening cybersecurity resilience in the region.”
Top Threats Observed in 2023 include:
Network Infrastructure Threats: Talos observed an increase in sophisticated attacks on
networking devices this past year, particularly by state-sponsored actors seeking to advance espionage objectives and facilitate stealthy operations. Exploitation of vulnerabilities and weak credentials remains a persistent concern, with three of the five most targeted device vulnerabilities being critical or severe.
Ransomware and Pre-Ransomware Incidents: Ransomware and pre-ransomware incidents continue to affect customers at a consistent rate — totaling the same 20 percent of Talos IR incidents as last year — with health care being the most targeted vertical. LockBit continues to dominate the ransomware landscape, and affiliates accounted for more than 25 percent of the total number of victim posts on data leak sites across some 40 ransomware groups monitored by Talos IR.
Telemetry Trends: Cisco’s telemetry revealed increased suspicious network traffic during major geopolitical events. Common file extensions were abused, and well-known brands were spoofed, highlighting the use of social engineering for operations like phishing and business email compromise (BEC). Adversaries are likely responding to Microsoft’s disabling of macros in 2022 by using different file types to hide their malware, such as PDFs, which was the top blocked file extension this year.