Brad Garnett

Welcome to my Digital Forensics and Incident Response (DFIR) oasis!

Digital Forensics, Incident Response, Threat Intelligence, and Information Security

Cisco named a Leader in IR Services

It has been more than two years already since Cisco Incident Response became a part of the Talos family. Since then, my team has continued a journey to simplify our offering for consumption and make incident response the ultimate team sport.

That is why I could not be more humbled to announce that Cisco Talos Incident Response is being recognized as a leader by IDC in the 2021 MarketScape for Worldwide Incident Readiness Services (doc #US46741420, November 2021). Our world-class global incident response team continues to stand next to our customers to help them build resiliency into their processes, procedures, and people. Our customers understand the journey we are on together and turn to Cisco to securely connect, protect, and respond to threats impacting their hybrid workforce.

Winter 2020-2021: Talos IR Quarterly Trends

For the seventh quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. The top variants were Ryuk and Vatet, which is notable given the absence of Ryuk last quarter. We also observed variants of Egregor and WastedLocker continuing to target organizations across the globe.

Unlike last quarter, however, these ransomware attacks overwhelmingly relied on phishes delivering commodity trojan maldocs, such as Zloader, BazarLoader and IcedID. Nearly 70 percent of ransomware attacks relied on commodity trojans this quarter. Adversaries also employ commercially available tools such as Cobalt Strike, open-source post-exploitation tools like Bloodhound, and native tools on the victim’s system, such as PowerShell. For a broader breakdown of these trends, check out our summary here.