• Healthcare was the top targeted industry this year, as adversaries maintained their focus on entities with cybersecurity weaknesses.
• Commodity loaders are still being used to deliver ransomware threats.
• Sharp increases in activity often corresponded with major geopolitical events.

Dubai, United Arab Emirates - Cisco Talos Intelligence Group, one of the largest commercial threat intelligence teams in the world, released its annual report, titled ‘Cisco Talos: Year in Review 2023’. The report highlights the most common attacks, targets, and other significant trends across the threat landscape in 2023.

The findings show that sharp increases in suspicious network traffic captured by Cisco Security products often corresponded with major geopolitical events and global cyberattacks. The report also revealed that LockBit maintained its position as the top global ransomware threat for the second consecutive year, with healthcare emerging as the primary target due to funding constraints and low downtime tolerance.

Commenting on the report’s findings, Fady Younes, Senior Director for Cybersecurity at Cisco in the Middle East and Africa, said: “Talos yearly report contains a wealth of insights about how the threat landscape has shifted. With the complexity of cybercrimes that is mounting every year, we are proud of Cisco’s global presence and Talos’ world-class expertise that is providing us with a massive amount of data to research — endpoint detections, incident response engagements, network traffic, and much more. This data is available for our customers and partners to support our efforts in strengthening cybersecurity resilience in the region.”

Top Threats Observed in 2023 include:

Network Infrastructure Threats: Talos observed an increase in sophisticated attacks on networking devices this past year, particularly by state-sponsored actors seeking to advance espionage objectives and facilitate stealthy operations. Exploitation of vulnerabilities and weak credentials remains a persistent concern, with three of the five most targeted device vulnerabilities being critical or severe.

Ransomware and Pre-Ransomware Incidents: Ransomware and pre-ransomware incidents continue to affect customers at a consistent rate — totaling the same 20 percent of Talos IR incidents as last year — with health care being the most targeted vertical. LockBit continues to dominate the ransomware landscape, and affiliates accounted for more than 25 percent of the total number of victim posts on data leak sites across some 40 ransomware groups monitored by Talos IR.

Telemetry Trends: Cisco's telemetry revealed increased suspicious network traffic during major geopolitical events. Common file extensions were abused, and well-known brands were spoofed, highlighting the use of social engineering for operations like phishing and business email compromise (BEC). Adversaries are likely responding to Microsoft’s disabling of macros in 2022 by using different file types to hide their malware, such as PDF, which was the top blocked file extension this year.
