Highlights

  • The Q4 report revealed that individuals were the top target of cybercriminals.
  • Trellix also revealed that attackers are using Living off the Land (LotL) methods, a type of cyberattack in which intruders use legitimate software and functions already available on the system to perform malicious actions.

A recent report by Trellix analyzed cybercriminal activity over the past six months, using proprietary data collected from Trellix’s community of over one billion sensors along with open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity.

About 73% of cyber incidents in Q4 2021 were reported by individual consumers, who were the top targets of cybercriminals.

The healthcare sector was the next in line, followed closely by the transportation, shipping, manufacturing, and information technology industries, which registered a sharp increase in threats.

“We’re at an essential juncture in cybersecurity and observing more hostile conduct throughout an ever-expanding assault floor,” stated Christiaan Beek, lead scientist and principal engineer of Trellix Threat Labs. “Our world has essentially modified. The fourth quarter signalled the shift out of a two-year pandemic which cybercriminals used for revenue and noticed the Log4Shell vulnerability impression a whole lot of hundreds of thousands of gadgets, solely to proceed cyber momentum within the new 12 months the place we’ve seen an escalation of worldwide cyber exercise.”

The fourth quarter saw increased activity focused on sectors that are essential to the functioning of society: almost 27% of all Advanced Persistent Threat (APT) detections targeted transportation and shipping. Healthcare was the second most targeted sector, with 12% of total detections.

The threat to the manufacturing industry increased by 100% from Q3 to Q4 2021, while threats to the information technology sector increased by 36%.

According to Trellix customers, from all the observed detections in Q4 2021, cybercriminals targeted about 62% of the transportation sector.

According to the report, threat actors targeting Ukraine included Actinium APT, Gamaredon APT, Nobelium APT (also known as APT29), UAC-0056, and Shuckworm APT. APT29 accounted for 30% of the detections among all the APT activity Trellix observed in Q4 2021. The report presents detailed recommendations for organizations looking to protect their environments from the tactics these actors use.

The report noted the continued use of Living off the Land (LotL) methods, where existing software and controls native to the device are used to execute an attack.

Windows Command Shell (CMD) (53%) and PowerShell (44%) were the most frequently used native OS binaries, and Remote Services (36%) was the most-used administrative tool in Q4 2021.