Trellix Reports Upsurge in Cyberattacks amidst Geopolitical Tensions

Trellix, a provider of an open and native extended detection and response (XDR) platform, has announced the release of its latest Threat Labs Report, which examines cyberattacks over the last six months.

Key findings from the report, released in April 2022, include an increase in cyberattacks targeting critical infrastructure or sectors essential to the functioning of society, such as the healthcare, transportation, shipping, manufacturing and information technology industries. However, individual consumers top the chart as the most frequent target of cybercriminals.

Trellix Threat Labs has also been investigating wiper malware and other cyberattacks targeting Ukraine. Wiper malware renders devices within targeted organizations useless by destroying the memory that is critical to how these devices operate. In this report, Trellix lists the advanced persistent threat (APT) actors targeting Ukraine, which include Actinium APT, Gamaredon APT, Nobelium APT (also known as APT29), UAC-0056 and Shuckworm APT. Of all the APT activity Trellix observed in Q4 2021, APT29 accounted for 30% of the detections.

Significant increases in ransomware activity were also observed in Italy (793%), the Netherlands (318%), and Switzerland (173%) in Q4 2021. India (70%) and the United Kingdom (47%) also experienced notable increases compared to Q3 2021.

“We’re at a critical juncture in cybersecurity and observing increasingly hostile behavior across an ever-expanding attack surface,” said Christiaan Beek, Lead Scientist and Principal Engineer, Trellix Threat Labs.

“Our world has fundamentally changed. The fourth quarter signaled the shift out of a two-year pandemic which cybercriminals used for profit and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity.”

The Threat Labs Report specifically indicated that transportation and shipping were the target of 27% of all advanced persistent threat (APT) activity, followed by healthcare as the second most targeted sector, with 12% of total detections.

Threats to other sectors, however, increased significantly over the period under review. For instance, from Q3 to Q4 2021, threats to the manufacturing sector increased by 100%, and threats to the information technology sector increased by 36%.

Trellix further studied the tactics, techniques and procedures used in the cyberattacks it reviewed and observed the continued use of Living off the Land (LotL) methods, where criminals use existing software and controls native to a device to execute an attack. Windows Command Shell (CMD) (53%) and PowerShell (44%) were the most frequently used native OS binaries, and Remote Services (36%) was the most-used administrative tool in Q4 2021.