Trellix has released a new report examining cybercriminal behavior over the past six months. It combines proprietary data from Trellix’s network of over 1 billion sensors with open source information and research from Trellix Threat Labs on common threats such as ransomware and government activities.
Among the key findings, individual consumers were the #1 target of cybercriminals, with a 73% increase in cyber incidents detected in Q4 2021. Health care threats followed closely behind, while the transportation, shipping, manufacturing and information technology industries also saw strong increases in threats.
“We are at a critical juncture in cybersecurity and are seeing increasing levels of hostile behavior across an ever-expanding attack surface,” said Christiaan Beek, Principal Investigator and Chief Engineer, Trellix Threat Labs. “Our world has changed fundamentally. The fourth quarter signaled a departure from a two-year pandemic that cybercriminals were capitalizing on, and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyberdynamics into the new year, in which we saw an escalation of international cyber activity.”
In Q4 2021, activity targeting sectors essential to the functioning of society increased. Transport and shipping were the target of 27% of all Advanced Persistent Threat (APT) detections. Healthcare was the second most targeted sector, accounting for 12% of all detections. From Q3 to Q4 2021, manufacturing threats increased by 100% and information technology threats increased by 36%. Among Trellix customers, the transportation sector accounted for 62% of all observed detections in Q4 2021.
The report lists threat actors targeting Ukraine, including Actinium APT, Gamaredon APT, Nobelium APT (aka APT29), UAC-0056, and Shuckworm APT. Of all APT activity observed by Trellix in Q4 2021, APT29 accounted for 30% of detections. The report provides recommendations for organizations that want to proactively protect their environment from the tactics of these actors.
Trellix observed the continued use of Living off the Land (LotL) methods, in which criminals use existing software and a device’s native controls to carry out an attack. Windows Command Shell (CMD) (53%) and PowerShell (44%) were the most used native OS binaries, and Remote Services (36%) was the most used management tool in Q4 2021.
Read the full Trellix report.