Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), released The Threat Report: Summer 2022, analyzing cybersecurity trends and attack methods from the first quarter of 2022.
The report also features research from Trellix Threat Labs into connected healthcare and
access control systems. It also includes analysis of email security trends and details the
evolution of Russian cybercrime related to the conflict in Ukraine where new malware or
methods have yet to be observed. Key findings:
- Increased Threats to Business Services: Companies providing IT, finance and other
types of consulting and contract services were targeted by adversarial actors more often,
demonstrating cybercriminals desire to disrupt multiple companies with one attack.
Business services accounted for 64% of total U.S. ransomware detections and was the
second most targeted sector behind telecom across global ransomware detections,
malware detections, and nation-state backed attacks in Q1 2022,
- Ransomware Evolution: Following the January arrests of members of the REvil
ransomware gang, payouts to attackers declined. Trellix also observed ransomware
groups building lockers targeting virtualization services with varied success. Leaked
chats from the quarter’s second most active ransomware gang, Conti, which publicly
expressed allegiance to the Russian administration, seem to confirm the government is
directing cybercriminal enterprises.
- Email Security Trends: Telemetry analysis revealed phishing URLs and malicious
document trends in email security. Most malicious emails detected contained a phishing
URL used to steal credentials or lure victims to download malware. Trellix also identified
emails with malicious documents and executables like infostealers and trojans attached.
“With the merging of our digital and physical worlds, cyberattacks cause more chaos in our daily lives,” said Christiaan Beek, Lead Scientist and Senior Principal Engineer, Trellix. “Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the
war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery
ready to deploy in case of escalation and organizations need to remain vigilant.”
The Threat Report: Summer 2022 leverages proprietary data from Trellix’s network of over one billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to detection of threats is used for the purposes of this report. A detection is when a file, URL, IP-address, suspicious email, network behavior or other indicator is detected and reported via the Trellix XDR ecosystem.