LockBit ransomware gang most apt to leak stolen victim data

Issue 1 2023 News

Trellix has released The Threat Report: February 2023 from its Advanced Research Centre, examining cybersecurity trends from the final quarter of 2022. Trellix combines telemetry collected from the world’s largest network of endpoint protection installs and its complete XDR product line with data gathered from open- and closed-source intelligence reports to deliver the report insights.


Carlo Bolzonello.

“Q4 saw malicious actors push the limits of attack vectors,” said John Fokker, Head of Threat Intelligence, at Trellix Advanced Research Centre. “Grey zone conflict and hacktivism led to an increase in cyber as statecraft and activity across threat actor leak sites. As the economic climate changes, organisations need to make the most effective security out of scarce resources.”

In South Africa, the threats and vulnerabilities follow similar targets and methods of infiltration, where human error, rather than system flaws, is exploited. Country lead for Trellix South Africa, Carlo Bolzonello, points to our most important institutions as the most attractive prey for international syndicates.

“The South African context for our findings overlaying the global results shows that ransomware and email threats are still top of the biggest threats to South Africa, with government a large focus followed by financial organisations,” Bolzonello says.

The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors, and examines threats to email, the malicious use of legitimate security tools, and more. Key findings include:

LockBit 3.0 most aggressive with ransom demands: While no longer the most active ransomware group (based on Trellix telemetry) – Cuba and Hive ransomware families generated more detections in Q4 – the LockBit cybercriminal organisation’s leak site reported the most victims. This makes LockBit the most vehement in pressuring their victims to comply with ransom demands. These cybercriminals use a variety of techniques to execute their campaigns, including exploiting vulnerabilities found as far back as 2018.

Nation-state activity led by China: APT actors linked to China, including Mustang Panda and UNC4191, were the most active in the quarter, generating a combined 71% of detected nation-state backed activity. Actors tied to North Korea, Russia, and Iran followed. The same four countries ranked the most active APT actors in public reports.

Critical infrastructure sectors most targeted: Sectors across critical infrastructure were most impacted by cyberthreats. Trellix observed 69% of detected malicious activity linked to nation-state backed APT actors targeting transportation and shipping, followed by energy, oil, and gas. According to Trellix telemetry, finance and healthcare were among the top targeted sectors by ransomware actors, and telecom, government and finance among the top sectors targeted via malicious email.

Fake CEO emails led to business email compromise: Trellix determined that 78% of business email compromise (BEC) involved fake CEO emails using common CEO phrases. This was a 64% increase from Q3 to Q4 2022. Tactics included asking employees to confirm their direct phone number to execute a voice-phishing – or vishing – scheme. 82% were sent using free email services, meaning threat actors need no special infrastructure to execute their campaigns.

The Threat Report: February 2023 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Centre, open- and closed-source intelligence, and threat actor leak sites. The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious email, network behaviour or other indicator is detected and reported by the Trellix XDR platform.

Find more at https://www.trellix.com/en-us/advanced-research-center.html




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Prevention-first approach to cybersecurity
News Cyber Security
Check Point CEO, Gil Shwed, highlights the increasing importance of artificial intelligence in defending evolving networks and protecting against cyber threats at annual CPX 360 customer and partner event.

Read more...
Three new portable power stations to ease load shedding
News Security Services & Risk Management Products
EcoFlow has launched three portable power stations that provide sufficient power for consumers wherever they are; the DELTA 2 and RIVER 2 Series are feature-filled power solutions to the volatile electricity supply.

Read more...
UJ and Schneider Electric launch 4IR Experience Room
News
Schneider Electric and the University of Johannesburg (UJ) Faculty of Engineering and Built Environment (FEBE) have officially unveiled the 4IR Experience Room, a first for UJ and situated at the university’s Auckland Park Campus.

Read more...
SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

Read more...
Providing an interactive branding platform
Securex South Africa News Conferences & Events
Now in its 30th year of providing security technology and services providers with a platform for increasing their brand exposure, Securex South Africa will be held at the Gallagher Convention Centre in Midrand, from the 6th to 8th June 2023.

Read more...
ALX sponsored learning programmes for 2023
Training & Education News
With a mission to harness Africa's abundant human capital by developing two million ethical and entrepreneurial young leaders from the continent by 2030, ALX has launched four fully sponsored (at no cost) tech programmes for 2023.

Read more...
Schneider Electric is looking for your bold idea
News
Schneider Electric has launched this year’s Schneider Go Green, an annual competition that invites university students from across the globe to share their ideas for innovations that can help make the world cleaner, more inclusive, and more sustainable.

Read more...
Paxton Introduces new rewards programme to South African installers
Paxton News
Paxton has launched Paxton Rewards, offering the first opportunity for installers in South Africa to earn rewards by participating in training, installing Paxton solutions, and completing activities or achievements. The programme is available via the Paxton Installer app.

Read more...
Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Read more...
Arcules and IMMIX announce integration
News CCTV, Surveillance & Remote Monitoring Products
Arcules has announced that its integration with Immix Central Station and Guard Force is available. The integration provides Central Station and Guard Force users a way to manage, verify, and respond to security events, while using Arcules-managed video feeds.

Read more...