Threat Report Says IT, Finance Companies Were Targeted by Adversarial Actors


Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), has released The Threat Report: Summer 2022, a report analysing cybersecurity trends and attack methods from the first quarter of 2022.

The report features research from Trellix Threat Labs into connected healthcare and access control systems. It includes an analysis of email security trends and details the evolution of Russian cybercrime related to the conflict in Ukraine, where new malware or methods have yet to be observed. Findings from the research point to:

  • Increased Threats to Business Services: Companies providing IT, finance and other consulting and contract services were targeted by adversarial actors more often, demonstrating cybercriminals’ desire to disrupt multiple companies with one attack.
  • Ransomware Evolution: Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined. Trellix also observed ransomware groups building lockers targeting virtualisation services with varied success. Leaked chats from the quarter’s second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cybercriminal enterprises.
  • Email Security Trends: Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims into downloading malware. Trellix also identified emails with malicious documents and attached executables like infostealers and trojans.

“Looking at the findings and data from the latest Trellix report, it is clear that the first quarter of 2022 was more about evolution than revolution. With business services becoming a key focus for criminals and tried and tested social engineering attacks like phishing continuing to be criminals’ attack vector of choice, businesses must deploy an XDR architecture that is always learning and adapting, so they can remain resilient with advanced detection, response, and remediation capabilities,” added Vibin Shaju, General Manager – UAE, Trellix.

The Threat Report: Summer 2022 leverages proprietary data from Trellix’s network of over one billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to the detection of threats is used for this report. Detection is when a file, URL, IP address, suspicious email, network behaviour or other indicator is detected and reported via the Trellix XDR ecosystem.

If you liked reading this, you might like our other stories
Why You Can’t Ignore Building Data Management in 2022
Does Data Fabric Impact The Bottomline?