Trellix Report Detailed
Other notable findings from the report include:
- LockBit 3.0 is the "most aggressive" with ransom demands. The LockBit leak site reported the most victims, indicating that this cybercriminal organization is the most aggressive in pressuring victims to comply with ransom demands.
- China-linked advanced persistent threat (APT) actors drive nation state-backed activity. APT actors linked to China generated a combined 71% of detected nation state-backed activity. These actors were the most active in terms of nation state-backed activity during the fourth quarter of 2022.
- Threat actors targeted many critical infrastructure organizations. Approximately 69% of detected malicious activity linked to nation state-backed APT actors targeted transportation and shipping organizations, followed by organizations in energy, oil and gas. Furthermore, ransomware actors targeted organizations in the telemetry, finance and healthcare sectors more frequently than others. Organizations in telecom, government and finance were targeted via malicious email more often than others.
- Cybercriminals used fake CEO emails to launch business email compromise (BEC) attacks. Trellix indicated that 78% of BEC attacks involved fake CEO emails using common CEO phrases, up 64% between the third and fourth quarters of 2022.
Malicious threat actors " the limits of attack vectors" in the fourth quarter of 2022, said John Fokker, head of threat intelligence at Trellix's Advanced Research Center. To protect against these threat actors, organizations need to "make the most effective security out of scarce resources," he noted.
Real-Time Threat Intelligence for Trellix Customers
Trellix in September 2022 established its Advanced Research Center to provide its customers with "actionable real-time intelligence and threat indicators," the company stated. In doing so, the center helps Trellix customers detect, respond to and remediate cyber threats.
To date, Trellix's Advanced Research Center has published research on CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and many closed-source projects. The center also continues to search for cyber threats and keep Trellix customers up to date about them.