The education sector has been confirmed as a prime target for threat actors, with 29% of attacks originating from vulnerability exploitation and 30% from phishing campaigns on K-12 schools in 2023.
The figures come from the latest report by Critical Start, a Managed Detection and Response (MDR) cybersecurity solutions provider.
The firm’s biannual Cyber Threat Intelligence Report, published earlier today, sheds light on noteworthy cyber-threats and emerging trends affecting various industries, including finance, education manufacturing and state and local government.
One of the key findings in the report is the increasing use of Quick Response (QR) codes in phishing attacks. In these attacks, cyber-criminals disguise themselves as Microsoft security notifications and embed QR codes within PNG images or PDF attachments to deceive victims.
Read more on QR code-based attacks: QR Code Campaign Targets Major Energy Firm
The report also revealed that ransomware groups are collaborating more extensively than previously thought, sharing tactics and procedures in greater detail. Critical Start believes this cooperative approach among threat actors emphasizes the evolving nature of the cybercrime landscape.
Another notable security concern is related to Microsoft Teams, which allows external accounts to send harmful files directly to an organization’s staff, potentially bypassing security measures and anti-phishing training. This increases the risk of successful attacks.
The report also discussed the actions of Volt Typhoon, a threat actor sponsored by the Chinese state, who is likely to continue carrying out cyber-espionage campaigns in support of China’s broader government agenda against US critical infrastructure.
“The volume and sophistication of cyber-attacks is continuously growing and evolving, making it impossible for organizations to feel on top of internal vulnerabilities and remain cognizant of every external threat,” said Callie Guenther, senior manager of cyber-threat research at Critical Start.
“To democratize cyber threat intelligence, this report highlights the most prominent security-related issues plaguing business and how they can proactively reduce cyber risk.”