iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
Trellix has found that 64 per cent of recently detected ransomware activity in the US was targeting the business services sector, which reveals that organisations responsible for keeping their customers secure and operational are attractive targets for ransomware groups.
The Trellix researchers have also found that many ransomware gangs continue to publicly align themselves with nation-states to target critical infrastructure, in an analysis of cyber security trends and attack methods from the first quarter of 2022 published in their report titled, Threat Report: Summer 2022.
According to Christiaan Beek, lead scientist and senior principal engineer at Trellix, caution is key.
"With the merging of our digital and physical worlds, cyber attacks cause more chaos in our daily lives.
"Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back.
"Global threat actors have novel cyber artillery ready to deploy in case of escalation and organisations need to remain vigilant," Beek said.
Trellix leveraged proprietary data from its network of over one billion sensors, open-source intelligence and previous Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity.
Increased threats to business services have been found to be rising threats, with malicious cyber actors opting to target companies providing IT, finance and other types of consulting, or contract services. By targeting this sector more often, the trend demonstrates cyber criminals' desire to disrupt multiple companies with a single attack.
Trellix researchers observed that business services is the second most targeted sector, accounting for 64 per cent of total US ransomware detections; positioned after telecom companies across global ransomware detections, malware detections, and nation-state backed attacks in Q1 2022.
Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined but ransomware groups have been building lockers targeting virtualisation services with varied success, Trellix researchers added.
Leaked chats from the quarter's second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cyber criminal enterprises. On the flip side, cyber attacks directed at Russia are now drastically rising, driven by counterattacks by groups aligned with Ukraine, as the Russia-Ukraine war continues, but other malicious cyber actors appear to be taking advantage of the chaos.
The Trellix researchers also found a massive rise in detected LotL attacks compared to last year, leading them to start ranking as one of the most common attack flows used and incorporated in cyber attacks today.
Telemetry analysis revealed phishing URLs and malicious document trends in email security, with the most malicious emails detected containing a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents and executables like infostealers and Trojans attached.
[Related: Aussie TikTok users’ private data accessible to China-based staff]
Be the first to hear the latest developments in the cyber industry.
