• Identity-based operations were prevalent this quarter, with credential theft being the main goal in 25% of incident response engagements.
  • Ransomware, pre-ransomware, and data theft extortion accounted for nearly 40% of engagements.
  • Education, manufacturing, and financial services were the most affected sectors.

Riyadh, Saudi Arabia: Ahead of Black Hat MEA in Riyadh from 26-28 November 2024, Cisco, the worldwide leader in networking and security, released insights into key cybersecurity trends that emerged between July and September 2024. The findings are based on analysis from Cisco Talos, one of the most trusted threat intelligence research teams globally, highlighting a notable increase in identity-based and ransomware attacks.

Over the three-month period, there was a noticeable rise in identity-based attacks, particularly with a focus on stealing credentials, which accounted for 25% of incident response engagements. These types of attacks have become easier to execute, often using readily available tools.

Ransomware incidents also remained a significant concern, making up nearly 40% of engagements. New ransomware variants, including RansomHub, RCRU64, and DragonForce, were observed this quarter, alongside familiar variants like BlackByte and Cerber.

Organizations in the education, manufacturing, and financial services verticals were most affected this quarter, accounting for over 30% of compromises. This trend aligns with what was observed in previous quarters in 2024.

Cisco is participating as a Strategic Sponsor at Black Hat MEA 2024 under the theme “Innovating a New Era of Security,” showcasing its latest innovations in cybersecurity. This year, Cisco is highlighting how it powers and protects the engine of the AI revolution – AI-ready data centres and clouds – to make every application and device secure no matter how they are distributed or connected.

Salman Faqeeh, Managing Director, Cisco Saudi Arabia, commented: "The mounting trends in identity-based attacks and ransomware highlight the evolving nature of cyber threats. At Cisco, we are committed to supporting our customers in strengthening their digital resilience with advanced security solutions.” He added, “Black Hat MEA continues to be a significant platform for us to share latest threat insights and showcase our innovations that prevent identity-based attacks; detect and stop breaches; and close the exploit gap.”

Additionally, Splunk, a Cisco company, will showcase its innovations at the same booth, demonstrating solutions that support the future of Security Operations Centres (SOC) as well as specialized solutions for Operational Technology (OT) environments.

As part of Cisco’s program of events at Black Hat MEA, Lothar Renner, Managing Director, Cisco Security, EMEA, will deliver a keynote address on “Redefining Security in the Age of AI,” emphasizing Cisco's commitment to innovation and security in an increasingly complex threat environment.

Cisco will be present at booth H1-T20 at the Riyadh Exhibition & Conference Centre in Malham from 26-28 November 2024.

About Cisco 

Cisco (NASDAQ: CSCO) is the worldwide technology leader that securely connects everything to make anything possible. Our purpose is to power an inclusive future for all by helping our customers reimagine their applications, power hybrid work, secure their enterprise, transform their infrastructure, and meet their sustainability goals.  Discover more on The Newsroom and follow us on X at @Cisco.  

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.