Transportation sector targeted by both ransomware and APTs
2022-11-18 04:00

The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat actors.

Q3 cybersecurity trends

US ransomware activity leads the pack: In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping.

Germany saw the highest detections: Not only did Germany generate the most threat detections related to APT actors in Q3, but they also had the most ransomware detections.

Ransomware evolved: Phobos, a ransomware sold as a complete kit in the cybercriminal underground, has avoided public reports until now.

It accounted for 10% of global detected activity and was the second most used ransomware detected in the US. LockBit continued to be the most detected ransomware globally, generating 22% of detections.

Trellix observed that the Microsoft Equation Editor vulnerabilities CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802 were the most exploited among malicious emails received by customers during Q3.

Malicious use of Cobalt Strike: Trellix saw Cobalt Strike used in 33% of observed global ransomware activity and in 18% of APT detections in Q3. Cobalt Strike, a legitimate third-party tool created to emulate attack scenarios to improve security operations, is a favorite tool of attackers who repurpose its capabilities for malicious intent.


News URL

https://www.helpnetsecurity.com/2022/11/18/cybersecurity-trends-q3-2022/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-01-10 | CVE-2018-0798 | Out-of-bounds Write vulnerability in Microsoft Office, Office Compatibility Pack and Word | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | network, low complexity, microsoft, CWE-787, 8.8 |
| 2018-01-10 | CVE-2018-0802 | Out-of-bounds Write vulnerability in Microsoft Office, Office Compatibility Pack and Word | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | local, low complexity, microsoft, CWE-787, 7.8 |
| 2017-11-15 | CVE-2017-11882 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | local, low complexity, microsoft, CWE-119, 7.8 |