Security News > 2022 > July > Trellix finds business services top target of ransomware attacks
According to cybersecurity firm Trellix's quarterly Threat Report: Summer 2022, released today, the line between ransomware gangs and nation-states continued to blur between Q4 2021 to Q1 2022.
Business services providers and telecoms were the most targeted industries for ransomware attacks.
In the countries where Trellix has customers, 31% of the Q1 2022 nation-state activity targeted Turkey, followed by Israel with 18%, the U.K. with 11%, Mexico with 10% and the U.S. with 8%. The most active nation-state actor in the quarter was APT36, an advanced persistent threat actor most likely backed by the Pakistani government and primarily targeting defense organizations in India.
"We highly urge every organization to take close note of ransomware TTPs , especially if they have already determined state-sponsored groups are likely to target them."
The threat report uses proprietary data from Trellix's network of over one billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity.
A detection occurs when a file, URL, IP address, suspicious email, network behavior or other indicator is detected and reported via the Trellix XDR ecosystem.
News URL
https://www.techrepublic.com/article/trellix-finds-business-services-top-ransomware-target/
Related news
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)
- Stanford: Data of 27,000 people stolen in September ransomware attack (source)
- Nissan confirms ransomware attack exposed data of 100,000 people (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- What the Latest Ransomware Attacks Teach About Defending Networks (source)
- Lessons from a Ransomware Attack against the British Library (source)
- Jackson County in state of emergency after ransomware attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)