Cybercriminals’ top target sector turns out to be individuals, states Trellix

News Desk

Trellix, the cybersecurity company that is delivering the future of extended detection and response (XDR), has released its Threat Labs Report: April 2022, which examines cybercriminal behavior over the previous six months. The report’s key findings include the fact that individual consumers are the number one target of cybercriminals, closely followed by the healthcare vertical. Furthermore, threats increased significantly in the transportation, shipping, manufacturing, and information technology industries.

“We’re at a critical juncture in cybersecurity and observing increasingly hostile behavior across an ever-expanding attack surface,” said Christiaan Beek, Lead Scientist and Principal Engineer, Trellix Threat Labs. “Our world has fundamentally changed. The fourth quarter signaled the shift out of a two-year pandemic which cybercriminals used for profit and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity.” 

Threats to Critical Infrastructure

In the fourth quarter of 2021, there was an increase in cyberactivity directed at sectors critical to society’s functioning:

  • Transportation and shipping were the target of 27% of all advanced persistent threat (APT) detections, that is, detections of activity by adversarial and stealthy actors.
  • Healthcare was the second most targeted sector, bearing 12% of total detections.
  • From Q3 to Q4 2021, threats to manufacturing increased 100%, and threats to information technology increased 36%.
  • Of Trellix customers, the transportation sector was targeted in 62% of all observed detections in Q4 2021.

Trellix released a global Cyber Readiness Report earlier this month, looking into how critical infrastructure providers are preparing for cyberattacks. Despite high-profile breaches, it discovered that many critical infrastructure providers have not implemented cybersecurity best practices.

Threats to Individuals

Notably, the report found a significant 73% increase in cyber incidents targeting individuals, positioning people as the top attack sector in the fourth quarter of 2021. This includes threats delivered via social media, mobile devices, and other services where consumers store sensitive information and credentials. In Q4 2021, for example, Facebook discovered spyware campaigns targeting users all over the world, and another criminal group used Joker malware to target Android users worldwide. These attacks are typically politically motivated and are designed to track a person’s interactions and contacts.

This comes on the heels of the publication of ‘In the Crosshairs: Organizations and Nation-State Cyber Threats’, a report from Trellix and the Center for Strategic and International Studies that found that access to consumer data was and will likely continue to be the motivation for nearly half of state-backed cyberattacks.

“The rise in threats against individuals is definitely cause for concern for organizations, particularly given that a vast majority of employees now operate in a hybrid workplace, often using home networks (which are arguably less secure) and unmanaged devices. Organizations need to be able to put in place effective controls without hampering employee productivity — a difficult balance to strike but one that must be prioritized,” commented Vibin Shaju, General Manager, UAE, Trellix.

Q4 2021 Threat Activity

Ransomware Families. Lockbit (21%) was the most prevalent ransomware family detected in Q4 2021 — a 21% increase from Q3 — followed by Cuba (18%), and Conti (16%).

Ransomware Arrests. REvil/Sodinokibi, the top ransomware family detected in Q3 2021, did not rank among the most prevalent detections in Q4 due to global law enforcement interventions.

Ransomware Increase. Substantial increases in ransomware activity were observed in Italy (793%), the Netherlands (318%), and Switzerland (173%) in Q4 2021. India (70%) and the United Kingdom (47%) also experienced notable increases compared to Q3.

Malware Families. RedLine Stealer (20%), Raccoon Stealer (17%), Remcos RAT (12%), LokiBot (12%), and Formbook (12%) amounted to almost 75% of malware families observed in Q4 2021.