Trellix released its Advanced Threat Research Report: January 2022 examining the most noteworthy cybercriminal activity in the third quarter of 2021, focusing on the resurgence of ransomware groups, growth and deep dive of Nation-State APT groups, and most targeted industry sectors.
Over the third quarter, cybercriminals employed alternate personas to continue proliferating ransomware against an increasing spectrum of sectors, hitting the financial, utilities and retail sectors most often; together these three accounted for nearly 60% of ransomware detections.
Key findings include:
Nation-State Operations: Russian and Chinese nation-state backed groups are believed to be responsible for nearly half (46% combined) of all observed APT threat activity
Ransomware Remains Prevalent: While ransomware activity was denounced and banned from numerous cybercriminal forums in Q2 2021, Trellix observed activity among the same threat actors on several forums using alternate personas
REvil/Sodinokibi claimed responsibility for successfully infecting more than 1 million and then demanding $70 million, making it the largest publicly known ransom amount to date.
Living off the Land: Trellix observed PowerShell used in 42% and Windows Command Shell (CMD) in 40% of LotL detections, where attackers use software already present on the target system to execute commands, gain access and carry out attacks.
Maturing Advanced Pattern Techniques: The Cobalt Strike attack suite was abused by nation-state actors and detected in over a third of APT activity
Malware Detections Increase: Formbook, Remcos RAT and LokiBot account for nearly 80% of malware detections
Most-Targeted Industry: In Q3 2021, the financial sector was the most targeted sector seeing 22% of ransomware and 37% of APT detections, followed by utilities, retail and government