Information is only as valuable as an understanding of what it can be used for.
When considering cyber threats, users, online and off, must weigh a number of potential risks in order to stay ahead of the threat rather than fall victim to it.
Trellix has released the June 2023 edition of its Cyber Threat Report, which analyzes cybersecurity trends from the last quarter.
The report draws on the insights of expert researchers who analyzed over 30 million detections of malicious samples daily.
John Fokker, head of threat intelligence at the Trellix Advanced Research Center, says “offensive cyber capabilities are being leveraged strategically by nation-states for espionage and disruption.”
Issuing a warning to organizations and the public, he adds, “for both leading and developing countries, we see risks to critical infrastructures like telecommunications, energy, and manufacturing by notable APT groups – a warning to public and private organizations to deploy modern protections to stay ahead of rapidly evolving threats.”
What are these threats?
Coordinated cyber espionage
Advanced persistent threat (APT) groups linked to China were the most active in targeting nation-states, generating 79% of all activity detected.
The report predicts APT groups continue cyber espionage and disruptive cyberattacks in tandem with physical military activity.
Cobalt Strike is a tool favoured by cybercriminals and ransomware actors, and Trellix reports that Cobalt Strike detections have doubled since the fourth quarter of last year.
Attackers remain financially motivated, and ransomware in particular is still driven by financial gain, the report highlighted.
Some of the vulnerabilities observed are bypasses of older supply chain bugs.
These supply chain bugs stem from outdated libraries that were never properly addressed, such as an Apple vulnerability whose roots extend further back in history and which became a possible weakness used by forced entry exploiters.
Rogue access to the cloud
Cloud infrastructure attacks on Amazon, Microsoft, and Google are rising, according to the firm.
The dominant technique was the use of valid accounts, which produced twice as many detections as any other vector, meaning that rogue access to legitimate accounts in remote work environments remained significant.
“Security teams are in a race to enhance defense capabilities to protect organizations from growing attack surfaces,” adds Joseph Tal, also from the Trellix Advanced Research Center.
“Teams are in a daily catch-up to process millions of data points across complicated networks. Trellix’s goal is to provide research to strengthen security postures through insights gleaned from our massive reservoir of intelligence.”
The research and report are aimed at detecting threats very early on in order to provide reactive solutions.
Whether the threat comes from a file, URL, IP address, email, or network behavior, identifying it early is crucial and beneficial to the potential victim.
The Cyber Threat Report includes data from Trellix’s sensor network and the Trellix Advanced Research Center’s investigations into nation-state and cybercriminal activity, all amalgamated for the detection of threats.
The Trellix Advanced Research Center brings together an elite team of security professionals and researchers to produce insightful and, most importantly, actionable intelligence that improves customer outcomes.
Its network of expert researchers analyzed over 30 million detections of malicious samples daily.