Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released The Threat Report: November 2022 from its Advanced Research Center, home to the world’s leading security researchers and intelligence experts. The latest report looks at cybersecurity trends from the third quarter of 2022.
“Interestingly, the trends seen in South Africa are pretty much in line with what’s happening globally,” says Carlo Bolzonello, country lead for Trellix South Africa. “In the last 12 months, we have seen an increase in the activity of cybercrime actors targeting South Africans and while the actors may be different, the attacks are the same, in terms of global presence.
“Indeed, South African companies are taking the necessary steps to protect themselves against cyber threats, but the financial investment this requires is substantial. This is especially challenging considering the exchange rate against the dollar, which has an impact on the ability of some organizations to keep abreast of the most relevant technologies from foreign vendors.
“Furthermore, human capacity in cyber security resources remains a major issue, as there is a severe skills shortage in South Africa. This is not even taking into account the steady exodus of these already rare skills from the country, with people driven by better wages and work-from-home offers from international companies, which are more progressive when it comes to remote work,” says Bolzonello.
He adds that to adequately protect themselves and their customers’ information, South African companies must make aggressive investments in both areas simultaneously: acquiring the best technologies and continually equipping people (both users and security personnel) with relevant information and world-class capabilities.
The report includes evidence of malicious activity linked to ransomware and nation-state-backed advanced persistent threat (APT) actors. It examines malicious cyber activity, including email threats, the malicious use of legitimate third-party security tools, and more. Key findings:
- US ransomware activity leads the pack: In the US alone, ransomware activity increased 100% quarter over quarter across transport and shipping. Globally, transportation was the second most active sector (after telecommunications). APTs were also detected in transportation more than in any other sector.
- Germany saw the highest detections: Germany not only generated the highest number of threat detections related to APT actors in Q3 (29% of observed activity), but also had the highest number of ransomware detections. Ransomware detections increased 32% in Germany in the third quarter and generated 27% of global activity.
- Emerging threat actors escalated: China-linked threat actor Mustang Panda had the most detected threat indicators in Q3, followed by Russia-linked APT29 and Pakistan-linked APT36.
- Ransomware evolved: Phobos, a ransomware that is sold as a complete kit in the cyber criminals’ underground, has avoided public reports until now. It accounted for 10% of global detected activity and was the second most widely used ransomware detected in the US. LockBit continued to be the most detected ransomware globally, generating 22% of detections.
- Old vulnerabilities continued to prevail: Years-old vulnerabilities continue to be successful exploitation vectors. Trellix noted that the Microsoft Equation Editor vulnerabilities, comprising CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802, were the most exploited among malicious emails received by customers during Q3.
- Malicious use of Cobalt Strike: Trellix found that Cobalt Strike was used in 33% of observed global ransomware activity and 18% of APT detections in Q3. Cobalt Strike, a legitimate third-party tool created to emulate attack scenarios to improve security operations, is a favored tool for attackers who repurpose its capabilities for malicious intent.
“So far in 2022, we have seen relentless activity outside of Russia and other state-sponsored groups,” said John Fokker, Trellix’s head of threat intelligence. “This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. The need for increased scrutiny of cyber threat actors and their methods has never been greater.”
The Threat Report: November 2022 leverages proprietary data from the Trellix sensor network, research on ransomware activity and nation states conducted by the Trellix Advanced Research Center, and open source intelligence. The report is based on telemetry related to threat detection. A detection is recorded when a file, URL, IP address, suspicious email, network behavior or other indicator is detected and reported through the Trellix XDR platform.
staff writer