We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Trellix has released a new report examining cybercriminal behavior over the last six months, leveraging proprietary data from Trellix’s network of over 1 billion sensors along with open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity.
Key findings include individual consumers as the No. 1 target of cybercriminals with a 73% increase in cyber incidents detected in Q4 2021. Threats to the healthcare vertical followed close behind, while transportation, shipping, manufacturing and information technology industries also showed a sharp increase in threats.
“We’re at a critical juncture in cybersecurity and observing increasingly hostile behavior across an ever-expanding attack surface,” said Christiaan Beek, lead scientist and principal engineer of Trellix Threat Labs. “Our world has fundamentally changed. The fourth quarter signaled the shift out of a two-year pandemic which cybercriminals used for profit and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity.”
Q4 2021 saw increased activity targeting sectors essential to the function of society. Transportation and shipping were the target of 27% of all advanced persistent threat (APT) detections. Healthcare was the second most targeted sector, bearing 12% of total detections. From Q3 to Q4 2021 threats to manufacturing increased 100%, and threats to information technology increased 36%. Of Trellix customers, the transportation sector was targeted in 62% of all observed detections in Q4 2021.
The report lists threat actors targeting Ukraine, including Actinium APT, Gamaredon APT, Nobelium APT (also known as APT29), UAC-0056 and Shuckworm APT. Of all APT activity Trellix observed in Q4 2021, APT29 accounted for 30% of the detections. The report details recommendations for organizations seeking to proactively protect their environment from tactics these actors use.
Trellix observed the continued use of Living off the Land (LotL) methods, where criminals use existing software and controls native to a device to execute an attack. Windows Command Shell (CMD) (53%) and PowerShell (44%) were the most-frequently used NativeOS Binaries, and Remote Services (36%) was the most-used Administrative Tool in Q4 2021.
Read the full report by Trellix.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.