The LockBit ransomware gang is "most apt to leak stolen data," according to The Threat Report: February 2023 from eXtended detection and response (XDR) platform provider Trellix.
Malicious threat actors " the limits of attack vectors" in the fourth quarter of 2022, said John Fokker, head of threat intelligence at Trellix's Advanced Research Center. To protect against these threat actors, organizations need to "make the most effective security out of scarce resources," he noted.
Trellix Report Detailed
Other notable findings from the report include:
- LockBit 3.0 is the "most aggressive" with ransom demands. The LockBit leak site reported the most victims, indicating that this cybercriminal organization is the most aggressive in pressuring victims to comply with ransom demands.
- China-linked advanced persistent threat (APT) actors drive nation state-backed activity. APT actors linked to China generated a combined 71% of detected nation state-backed activity. These actors were the most active in terms of nation state-backed activity during the fourth quarter of 2022.
- Threat actors targeted many critical infrastructure organizations. Approximately 69% of detected malicious activity linked to nation state-backed APT actors targeted transportation and shipping organizations, followed by organizations in energy, oil and gas. Furthermore, ransomware actors targeted organizations in telemetry, finance and healthcare more frequently than others. Organizations in telecom, government and finance were targeted via malicious email more often than others.
- Cybercriminals used fake CEO emails to launch business email compromise (BEC) attacks. Trellix indicated that 78% of BEC attacks involved fake CEO emails using common CEO phrases, up 64% between the third and fourth quarters of 2022.




