• Ransomware family detections were down in Q1 of 2022. Lockbit accounted for 20% of top-10 ransomware tool queries, followed by Conti (17%) and Cuba (14%) in Q4 of 2021. However, queries of all three Q4 category prevalence leaders – Lockbit (–44%), Conti (–37%) and Cuba (–55%) – decreased in Q1 of 2022 when compared to Q4 of 2021.
• Living off the Land continues to grow, with Windows Command Shell/CMD leveraged in 41% of LotL attacks.
• Turkey is the country most targeted by nation-state actors (31%).
• Russia recorded the highest increase in incidents (490%) from Q4 2021 to Q1 2022.
“With the merging of our digital and physical worlds, cyberattacks cause more chaos in our daily lives,” said Christiaan Beek, Lead Scientist and Senior Principal Engineer, Trellix. “Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery ready to deploy in case of escalation and organisations need to remain vigilant.”
“Looking at the findings and data from the latest Trellix report, it is clear that the first quarter of 2022 was more about evolution than revolution,” said Vibin Shaju, General Manager – UAE, Trellix. “With business services becoming a key focus for criminals, and tried and tested social engineering attacks like phishing continuing to be criminals’ attack vector of choice, it is imperative for businesses to deploy an XDR architecture that is always learning and adapting, so they can remain resilient with advanced detection, response and remediation capabilities.”
The Threat Report: Summer 2022 leverages proprietary data from Trellix’s network of over 1 billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to detection of threats is used for the purposes of this report. A detection is when a file, URL, IP address, suspicious email, network behaviour or other indicator is detected and reported via the Trellix XDR ecosystem.