Trellix, the cybersecurity company that is delivering the future of extended detection and response (XDR), has released its Threat Labs Report: April 2022, which examines cybercriminal behavior over the previous six months. Among the report’s key findings, individual consumers are the number one target of cybercriminals, closely followed by the healthcare vertical. Furthermore, threats increased significantly in the transportation, shipping, manufacturing, and information technology industries.
“We’re at a critical juncture in cybersecurity and observing increasingly hostile behavior across an ever-expanding attack surface,” said Christiaan Beek, Lead Scientist and Principal Engineer, Trellix Threat Labs. “Our world has fundamentally changed. The fourth quarter signaled the shift out of a two-year pandemic which cybercriminals used for profit and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity.”
In the fourth quarter of 2021, there was an increase in cyberactivity directed at sectors critical to society’s functioning:
Trellix released a global Cyber Readiness Report earlier this month, looking into how critical infrastructure providers are preparing for cyberattacks. Despite high-profile breaches, it discovered that many critical infrastructure providers have not implemented cybersecurity best practices.
Notably, the report discovered a significant 73% increase in cyber incidents targeting individuals, positioning people as the top attack sector in the fourth quarter of 2021. This includes threats delivered via social media, mobile devices, and other services where consumers store sensitive information and credentials. In Q4 2021, for example, Facebook discovered spyware campaigns targeting users all over the world, and another criminal group used Joker malware to target Android users worldwide. These attacks are typically politically motivated and are designed to track a person’s interactions and contacts.
This comes on the heels of the publication of ‘In the Crosshairs: Organizations and Nation-State Cyber Threats’, a report from Trellix and the Center for Strategic and International Studies that found that access to consumer data was and will likely continue to be the motivation for nearly half of state-backed cyberattacks.
“The rise in threats against individuals is definitely cause for concern for organizations, particularly given that a vast majority of employees now operate in a hybrid workplace, often using home networks (which are arguably less secure) and unmanaged devices. Organizations need to be able to put in place effective controls without hampering employee productivity — a difficult balance to strike but one that must be prioritized,” commented Vibin Shaju, General Manager, UAE, Trellix.
• Ransomware Families. Lockbit (21%) was the most prevalent ransomware family detected in Q4 2021 — a 21% increase from Q3 — followed by Cuba (18%), and Conti (16%).
• Ransomware Arrests. REvil/Sodinokibi, the top ransomware family detected in Q3 2021, did not rank among the most prevalent detections in Q4 due to global law enforcement interventions.
• Ransomware Increase. Substantial increases in ransomware activity were observed in Italy (793%), the Netherlands (318%), and Switzerland (173%) in Q4 2021. India (70%) and the United Kingdom (47%) also experienced notable increases compared to Q3.
• Malware Families. RedLine Stealer (20%), Raccoon Stealer (17%), Remcos RAT (12%), LokiBot (12%), and Formbook (12%) amounted to almost 75% of malware families observed in Q4 2021.