Security News > 2022 > February > Ransomware groups and APT actors laser-focused on financial services

Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors - hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.

"While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors," said Raj Samani, Chief Scientist and Fellow at Trellix.

While claiming responsibility for the ransomware attack on Kaseya VSA that closed hundreds of supermarket stores for several days, the quarter saw the REvil/Sodinokibi family of ransomware continue to lead in its pervasiveness as it had in Q2, accounting for nearly half of Trellix's ransomware detections.

Through the identification of indicators of compromise to reveal the tools used to execute attacks, Trellix observed the maturation of the techniques deeply skilled APT adversary groups use to bypass security controls and perform their operations.

In Q3 2021, threat activity believed to be from Russian and Chinese nation-state backed groups were responsible for 46% of all observed APT threat activity.

The critical economic sector also led all industries in terms of detected ransomware samples and APT group activity.

News URL

https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/