Ransomware activity continues to grow worldwide, despite companies' efforts to strengthen their cybersecurity. While some industries have doubled or tripled their protection, others remain vulnerable and become targets for cybercriminals. According to The Threat Report: Fall 2022, prepared by the Trellix Advanced Research Center, ransomware activity in the transportation and shipping industry doubled in the third quarter of 2022. The report provides evidence of malicious activity associated with ransomware and APT attacks.
Trends in cybersecurity in the 3rd quarter
Ransomware activity in the United States leads: in the USA alone, ransomware activity in the transportation and shipping sector increased by 100% compared to the previous quarter. On a global scale, transportation was the second most active sector (after telecommunications). APT activity was also detected in transportation more often than in any other sector.
The largest number of detections was recorded in Germany: in the third quarter, Germany had not only the most threat detections associated with APT actors (29% of observed activity) but also the most ransomware detections. According to the report, the amount of ransomware detected increased by 32% and accounted for 27% of global activity.
The scaling of new threats: as the report showed, the largest number of detected threats was recorded for the Mustang Panda group, followed by APT29 and APT36.
Ransomware evolved: Phobos accounted for 10% of the total ransomware detected and became the second most common ransomware detected in the United States. LockBit remains the most commonly detected ransomware worldwide, accounting for 22% of detections.
Old vulnerabilities continue to prevail: vulnerabilities from many years ago remain successful attack vectors. According to Trellix observations, the Microsoft Equation Editor vulnerabilities, including CVE-2017-11882, CVE-2018-0798 and CVE-2018-0802, were the most exploited among malicious emails received by customers in the third quarter.
Malicious use of Cobalt Strike: according to the report, in the third quarter Cobalt Strike was used in 33% of cases of global ransomware activity and in 18% of cases of APT detection. Cobalt Strike, a legitimate third-party tool created to simulate attack scenarios in order to improve security operations, is a favorite tool of attackers, who use its capabilities for malicious purposes.