Trellix detects collaboration by cybercriminals and nation states

Issue 7 2023 News & Events, Information Security

Carlo Bolzonello.

Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre. Trellix observed indicators of collaboration between ransomware groups and nation-state-backed advanced persistent threat (APT) actors, adoption and usage of lesser-known programming languages for malware, and cybercriminals developing Generative AI (GenAI) tools.

"As technology advances, so does cybercrime, and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats," said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “Cybercriminals are becoming increasingly more agile, organised, and politically aligned. It is imperative that defenders refer to threat intelligence to strengthen their security posture with limited resources."

The Trellix Advanced Research Center’s latest CyberThreat Report includes:

● Malicious GenAI: Cybercriminals bypass protections to take advantage of commonly known tools and use GenAI to enhance phishing campaigns. The accelerating scale and speed of phishing attacks indicates malicious GenAI may already be in deployment today.

● Geopolitical Threat Activity: Nation state threat activity spiked over 50% in the last six months due to conflict escalation in Russia and Ukraine, intensified cyber activity in Israel just before and during the conflict, and disruptive attacks on Taiwan heading into their 2024 elections.

● Ransomware Developments: Global detections and industry-reported incidents, particularly in Q2, reflect unusual variations in ransomware families, as well as countries and industries targeted. The Trellix Advanced Research Center also observed a splintering of large ransomware groups, with the introduction of smaller groups and more attacks focused on data exfiltration.

● Underground Collaboration: The last six months demonstrated an increase in threat actors actively collaborating on Dark Web forums. This spanned groups formally joining together (‘The Five Families’), an escalation in selling/sharing of zero-day vulnerabilities, joint PoC development efforts to accelerate exploitations, and more.

● Polyglot Malware: Cyber, a polycrisis itself, is a threat multiplier – and the rise of polyglot malware further exacerbates this. New programming languages are becoming popular malware choices, with Golang seeing high usage for ransomware (32%), backdoors (26%), and Trojan Horses (20%).

The cybersecurity landscape experiences upheaval regularly as geopolitical and economic developments create an increasingly complicated and uncertain world. New cyber actors emerge daily, while new vulnerabilities, exploits, and tactics are constantly discovered. The comprehensive analysis provided by the Trellix Advanced Research Center serves as a vital resource for today’s CISOs to understand and mitigate evolving cybersecurity risks in an interconnected world.

The CyberThreat Report: November 2023 includes proprietary data from Trellix’s sensor network, investigations into nation state and cybercriminal activity by the Trellix Advanced Research Center, and open and closed-source intelligence. The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious email, network behaviour, or other indicator is detected and reported by the Trellix XDR platform.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

From the editor's desk: Securing your secure access
Technews Publishing News & Events
      Welcome to SMART Security Solutions’ first print publication of the year, the SMART Access & Identity Handbook 2024. In this issue, we cover various issues relevant to this industry, from digital to ...

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

International access manufacturer sets up shop in SA
Technews Publishing Access Control & Identity Management News & Events Products & Solutions
The South African security market can always use some good news, and this year, STid has obliged by formally entering the South African market, setting up its main office in the Boomgate Experience Centre in Roodepoort, Johannesburg.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Re-introduction of the booking system
PSiRA (Private Security Ind. Regulatory Authority) News & Events
[Sponsored] PSiRA is reintroducing the booking system for branch visits. Effective Monday, 4 December 2023, clients will be required to book a slot to visit any PSiRA branch.

From the editor's desk: A sad but exciting goodbye
Technews Publishing News & Events
Welcome to the final monthly issue of SMART Security Solutions. This is the last issue of the year and the last monthly issue we will print. The SMART Security Solutions team wishes all our readers and advertisers a relaxing festive season and a peaceful and prosperous 2024.

Regal celebrates successful golf day
Regal Distributors SA News & Events
Regal Distributors held its first official Regal Golf Day on 18 October at the Glendower Golf Course in Johannesburg. SMART Security Solutions was there on a hot summer’s day to meet many players and sponsors around the course.

Gallagher Security releases Command Centre v9
Gallagher News & Events Access Control & Identity Management Integrated Solutions
Richer features, greater integrations, with the release of Gallagher Security’s Command Centre v9 security site management software designed to integrate seamlessly with various systems and hardware.