Intelligent CISO Issue 57 | Page 27

editor’s question

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), recently released The Threat Report: Fall 2022 from its Advanced Research Center, home to the world’s most elite security researchers and intelligence experts. The report analyses cybersecurity trends from the third quarter of 2022.

The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party security tools, and more. Key findings include:
• US ransomware activity leads the pack: In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping. Globally, transportation was the second most active sector (following telecom). APTs were also detected in transportation more than in any other sector.
• Germany saw the highest detections: Not only did Germany generate the most threat detections related to APT actors in Q3 (29% of observed activity), but it also had the most ransomware detections. Ransomware detections rose 32% in Germany in Q3 and generated 27% of global activity.
• Emerging threat actors scaled: The China-linked threat actor, Mustang Panda, had the most detected threat indicators in Q3, followed by Russia-linked APT29 and Pakistan-linked APT36.
• Ransomware evolved: Phobos, a ransomware sold as a complete kit in the cybercriminal underground, has avoided public reports until now. It accounted for 10% of global detected activity and was the second most used ransomware detected in the US. LockBit continued to be the most detected ransomware globally, generating 22% of detections.
• Old vulnerabilities continued to prevail: Years-old vulnerabilities continue to be successful exploitation vectors. Trellix observed the Microsoft Equation Editor vulnerabilities CVE-2017-11882, CVE-2018-0798 and CVE-2018-0802 to be the most exploited among malicious emails received by customers during Q3.
• Malicious use of Cobalt Strike: Trellix saw Cobalt Strike used in 33% of observed global ransomware activity and in 18% of APT detections in Q3. Cobalt Strike, a legitimate third-party tool created to emulate attack scenarios to improve security operations, is a favourite tool of attackers who repurpose its capabilities for malicious intent.
“In 2022, we [saw] unremitting activity out of Russia and other state-sponsored groups,” said John Fokker, Head of Threat Intelligence, Trellix. “This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. The need for increased inspection of cyberthreat actors and their methods has never been greater.”
The Threat Report: Fall 2022 leverages proprietary data from Trellix’s sensor network, investigations into nation-state and ransomware activity by the Trellix Advanced Research Center, and open-source intelligence. Telemetry related to detection of threats is used for this report. A detection is when a file, URL, IP address, suspicious email, network behaviour, or other indicator is detected and reported via the Trellix XDR platform.

www.intelligentciso.com