• Services (36%) was the most-used administrative tool in Q4 2021.
Trellix Threat Labs recently found LotL techniques deployed by DarkHotel – a suspected South Korean APT group – using Excel files to successfully infiltrate luxury hotels and glean information on prominent guests travelling for work and conferences.
Earlier this year, Trellix Threat Labs also identified a multi-stage espionage attack on a Prime Minister’s office to surveil high-ranking government officials and defence sector business executives. This campaign featured the use of Microsoft’s OneDrive as a Command and Control (C2) server and Excel to gain access to victim environments.
Other methods and techniques gaining traction among cyber adversaries in recent months:
• Cobalt Strike ranked highest among tools used by APT groups in Q4 2021 – a 95% increase from Q3
• Obfuscated files or information, followed by credentials from web browsers, and file and directory discovery were the techniques observed most in Q4 2021
• Malware was used most often in reported incidents in Q4 2021, accounting for 46% of total incidents and increasing 15% from Q3 2021
Of Trellix customers, the transportation sector was targeted in 62% of all observed detections in Q4 2021.
Threats to Individuals
Notably, the report found a significant (73%) increase in cyber incidents targeting individuals and positioned people as the top attack sector in Q4 2021. This includes threats executed through social media, mobile devices and other services where consumers store data and credentials. For example, in Q4 2021, Facebook discovered spyware campaigns targeting users around the world and another criminal group leveraged Joker malware to target Android users globally. These attacks are typically politically motivated to follow a person’s interactions and contacts.
This follows the release of In the Crosshairs: Organizations and Nation-State Cyber Threats, a report from Trellix and the Center for Strategic and International Studies which found access to consumer data was, and will likely continue to be, the motive for nearly half of state-backed cyberattacks.
“The rise in threats against individuals is definitely cause for concern for organisations, particularly given that a vast majority of employees now operate in a hybrid workplace, often using home networks (which are arguably less secure) and unmanaged devices. Organisations need to be able to put in place effective controls without hampering employee productivity – a difficult balance to strike but one that must be prioritised,” said Vibin Shaju, General Manager, UAE, Trellix.
Q4 2021 threat activity
• Ransomware families. Lockbit (21%) was the most prevalent ransomware family detected in Q4 2021 – a 21% increase from Q3 – followed by Cuba (18%) and Conti (16%).
• Ransomware arrests. REvil/Sodinokibi, the top ransomware family detected in Q3 2021, did not rank among the most prevalent detections in Q4 due to global law enforcement interventions.
• Ransomware increase. Substantial increases in ransomware activity were observed in Italy (793%), the Netherlands (318%) and Switzerland (173%) in Q4 2021. India (70%) and the UK (47%) also experienced notable increases compared to Q3.
• Malware families. RedLine Stealer (20%), Raccoon Stealer (17%), Remcos RAT (12%), LokiBot (12%) and Formbook (12%) amounted to almost 75% of malware families observed in Q4 2021.
Threat Labs Report: April 2022 leverages proprietary data from Trellix’s network of over 1 billion sensors along with open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to detection of threats is used for the purposes of this report. A detection is when a file, URL, IP address or other indicator is detected and reported via the Trellix XDR ecosystem.
www.intelligentciso.com