Trellix released The Threat Report: Summer 2022, analyzing cybersecurity trends and attack methods from the first quarter of 2022.
The report features research from Trellix Threat Labs into connected
healthcare and access control systems. It also includes analysis of
email security trends and details the evolution of Russian cybercrime
related to the conflict in Ukraine where new malware or methods have yet
to be observed. Key findings:
- Increased Threats to Business Services: Companies
providing IT, finance and other types of consulting and contract
services were targeted by adversarial actors more often, demonstrating
cybercriminals' desire to disrupt multiple companies with one attack.
Business services accounted for 64% of total U.S. ransomware detections
and was the second most targeted sector behind telecom across global
ransomware detections, malware detections, and nation-state backed
attacks in Q1 2022.
- Ransomware Evolution: Following
the January arrests of members of the REvil ransomware gang, payouts to
attackers declined. Trellix also observed ransomware groups building
lockers targeting virtualization services with varied success. Leaked
chats from the quarter's second most active ransomware gang, Conti,
which publicly expressed allegiance to the Russian administration, seem
to confirm the government is directing cybercriminal enterprises.
- Email Security Trends: Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most
malicious emails detected contained a phishing URL used to steal
credentials or lure victims to download malware. Trellix also identified
emails with malicious documents and executables like infostealers and
trojans attached.
"With the merging of our digital and physical worlds, cyberattacks cause more
chaos in our daily lives," said Christiaan Beek, Lead Scientist and
Senior Principal Engineer, Trellix. "Adversaries know they are being
watched closely; the absence of new tactics observed in the wild during
the war in Ukraine tells us tools are being held back. Global threat
actors have novel cyber artillery ready to deploy in case of escalation
and organizations need to remain vigilant."
The Threat Report: Summer 2022 leverages
proprietary data from Trellix's network of over one billion sensors,
open-source intelligence and Trellix Threat Labs investigations into
prevalent threats like ransomware and nation-state activity. Telemetry
related to detection of threats is used for the purposes of this report.
A detection is when a file, URL, IP address, suspicious email, network
behavior or other indicator is detected and reported via the Trellix XDR
ecosystem.