Trellix Finds LockBit Ransomware Gang Most Apt to Leak Stolen Data
Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released The Threat Report: February 2023 from its Advanced Research Center, examining cybersecurity trends from the final quarter of 2022. Trellix combines telemetry collected from its extensive network of endpoint protection installs and its complete XDR product line with data gathered from open and closed source intelligence reports to deliver report insights.
“Q4 saw malicious actors push the limits of attack vectors,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “Grey zone conflict and hacktivism have both led to an increase in cyber as statecraft as well as a rise in activity on threat actor leak sites. As the economic climate changes, organizations need to make the most effective security out of scarce resources.”
The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors, and examines threats to email, the malicious use of legitimate security tools, and more. Key findings include:
LockBit 3.0 Most Aggressive with Ransom Demands: While no longer the most active ransomware group according to Trellix telemetry – Cuba and Hive ransomware families generated more detections in Q4 – the LockBit cybercriminal organization’s leak site reported the most victims. This data makes LockBit the most aggressive in pressuring their victims to comply with ransom demands. These cybercriminals use a variety of techniques to execute their campaigns, including exploiting vulnerabilities found as far back as 2018.
Nation-State Activity Led by China: APT actors linked to China, including Mustang Panda and UNC4191, were the most active in the quarter, generating a combined 71% of detected nation-state backed activity. Actors tied to North Korea, Russia, and Iran followed. The same four countries ranked the most active APT actors in public reports.
Critical Infrastructure Sectors Most Targeted: Sectors across critical infrastructure were most impacted by cyberthreats. Trellix observed 69% of detected malicious activity linked to nation-state backed APT actors targeting transportation and shipping, followed by energy, oil, and gas. According to Trellix telemetry, finance and healthcare were among the top sectors targeted by ransomware actors, and telecom, government, and finance among the top sectors targeted via malicious email.
Fake CEO Emails Led to Business Email Compromise: Trellix determined 78% of business email compromise (BEC) involved fake CEO emails using common CEO phrases, resulting in a 64% increase from Q3 to Q4 2022. Tactics included asking employees to confirm their direct phone number to execute a voice-phishing – or vishing – scheme. 82% were sent using free email services, meaning threat actors need no special infrastructure to execute their campaigns.
The Threat Report: February 2023 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Center, open and closed source intelligence, and threat actor leak sites. The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious email, network behavior or other indicator is detected and reported by the Trellix XDR platform.
INTERVIEWS
TOP VIDEOS
SECURITY
SOFTWARE
Adobe unveils Content Supply Chain Solution
At Adobe Summit 2023, Adobe announced Content Supply Chain solution, the most comprehensiv...
Aerospike boosts Community Leadership and Enterprise Support for Spring Framework
Aerospike has released expanded functionality and engineering support for the Spring Frame...
VMware announces Limitless Possibilities for Partners
VMware has announced the next evolution of the company’s flagship VMware Partner Con...
START - UP
PERIPHERALS
INDUSTRY EVENTS
The new wave of start-ups in the country is a testimony to the entrepreneurial temperament of the youth
PHDCCI conducted “Bharat Startup Summit, 2023” The conclave through discussion...
Team Computers hosts an Experiential CXO Meet with Google Cloud in Goa
Team Computers has held an experiential event in collaboration with Google Cloud, bringing...
BPE showcases Energy Storage Solutions at ELECRAMA
Best Power Equipments (BPE) has presented Energy Storage Solutions (ESS) at ELECRAMA. The...
Synersoft Technologies organizes a Webinar on the problems faced by SMEs
Synersoft Technologies has organized a Webinar on “Solution to problems faced by SME...
E- COMMERCE
