Exfiltration [TA0010]: For the second consecutive quarter, Exfiltration remains in the top spot with 77% of our cases in line with 78% in Q1 and 77% in Q4. This consistency has been maintained both by a continued focus on exfiltration as either a precursor to an encryption attack or as the sole tactic, but also by a significant increase in “lone wolf” attacks focused solely on DXF.  In Q2, exfiltration attempts included leveraging weakly secured Snowflake instances. This wave of attacks demonstrates how third party cloud applications can easily become targets for threat actors looking to score cheap exfiltration opportunities.