Cisco Talos Incident Response (CTIR) engagements continue to be dominated by ransomware and commodity trojans. Ransomware actors have begun exfiltrating sensitive data as another lever to further compel victims to pay the ransom. DDoS and coinminer threats reemerged in spring 2020 after absences in the previous quarter. The top targeted verticals were financial services and government, a change from last quarter when manufacturing was targeted. The report also observed continued exploitation of web applications, particularly for Citrix Application Delivery Controller.”]
Source: https://blog.talosintelligence.com/2020/04/IR-quarterly-threat-report-spring-2020.html