Trellix has released a new report investigating cybercriminal behavior over the past six months, using proprietary data from a network of more than 1 billion sensors, along with open-source intelligence and Trellix Threat Labs investigations into prevalent threats such as ransomware and nation-state activity.
Key findings include that individual consumers are the No. 1 target of cybercriminals, with a 73% increase in cyber incidents in Q4 2021. Risks to the healthcare vertical follow behind, while the transportation, shipping, manufacturing and information technology industries have also seen a sharp rise in threats.
“We are at a critical juncture in cyber security and are increasingly monitoring hostile behavior on the surface of an ever-expanding attack,” said Christiaan Beek, chief scientist and chief engineer at Trellix Threat Labs. “Our world has fundamentally changed. The fourth quarter signaled the end of a two-year epidemic that cybercriminals used for profit, and the Log4Shell vulnerability affected millions of devices, only to continue the cyber momentum in the new year, where we have seen an increase in international cyber activity.”
Q4 2021 saw an increase in activity targeting sectors necessary for the functioning of society. Transportation and shipping accounted for 27% of all Advanced Persistent Threat (APT) detections. Healthcare was the second most targeted sector, accounting for 12% of total detections. From Q3 to Q4 2021, risks to manufacturing increased 100%, and risks to information technology increased 36%. Among Trellix customers, the transportation sector was targeted in 62% of all observed detections in Q4 2021.
The report lists the threat actors targeting Ukraine, including Actinium APT, Gamaredon APT, Nobelium APT (also known as APT29), UAC-0056 and Shuckworm APT. Of all the APT activity Trellix observed in Q4 2021, APT29 accounted for 30% of detections. The report details recommendations for organizations seeking to actively protect their environments from the tactics used by these actors.
Trellix observed the continued use of Living off the Land (LotL) methods, where criminals use existing software and a device's native controls to carry out attacks. Windows Command Shell (CMD) (53%) and PowerShell (44%) were the most used native OS binaries, and Remote Services (36%) was the most used administrative tool in Q4 2021.
Read the full report via Trellix.