Trellix, a cybersecurity firm specializing in extended detection and response (XDR), has released the findings of its Advanced Research Center in The CyberThreat Report: November 2023. The report sheds light on emerging trends in cyber threats, including increased collaboration between ransomware groups and state-sponsored advanced persistent threat (APT) actors, the adoption of less common programming languages for malware, and the growing use of Generative AI (GenAI) tools by cybercriminals.
“As technology advances, so does cybercrime, and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats,” said the Head of Threat Intelligence at Trellix Advanced Research Center.
Key highlights from the Trellix Advanced Research Center’s CyberThreat Report include:
1. Malicious GenAI: Cybercriminals are leveraging Generative AI to enhance phishing campaigns and bypass traditional protections. The report points to the increasing scale and speed of phishing attacks as an indication that malicious GenAI tools are being deployed.
2. Geopolitical Threat Activity: The report notes a spike of over 50% in nation-state threat activity over the last six months. This increase is attributed to the escalating conflict between Russia and Ukraine, heightened cyber activity in Israel during the conflict there, and disruptive attacks on Taiwan in the lead-up to its 2024 elections.
3. Ransomware Developments: Unusual variations in ransomware families and an increase in incidents, particularly in Q2, were observed globally. The research also identified a fragmentation of large ransomware groups, with the emergence of smaller groups and a focus on data exfiltration.
4. Underground Collaboration: The past six months witnessed a rise in active collaboration among threat actors on Dark Web forums. This included formal group alliances, increased sharing/selling of zero-day vulnerabilities, joint development efforts for proof-of-concepts, and other cooperative activities.
5. Polyglot Malware: New programming languages are gaining popularity among cybercriminals, with Golang the preferred choice for ransomware (32%), backdoors (26%), and trojans (20%). This trend adds to the challenges faced by defenders, whose tooling and analysis workflows are tuned to more established languages.
The Trellix Advanced Research Center’s comprehensive analysis aims to assist Chief Information Security Officers (CISOs) in understanding and mitigating evolving cybersecurity risks. The report combines proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity, and open and closed-source intelligence. The insights are derived from telemetry related to threat detection on the Trellix XDR platform, encompassing files, URLs, IP addresses, suspicious emails, network behaviors, and other indicators.