CIO Influence
CIO Influence News Security

Trellix Detects Collaboration by Cybercriminals and Nation-States

Trellix Detects Collaboration by Cybercriminals and Nation-States

Report Highlights New Programming Languages in Malware Development, Adoption of Malicious GenAI, and Acceleration of Geopolitical Threat Activity

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), released The CyberThreat Report: November 2023 from its Advanced Research Center. Trellix observed indicators of collaboration between ransomware groups and nation-state-backed advanced persistent threat (APT) actors, adoption and usage of lesser-known programming languages for malware, and cybercriminals developing Generative AI (GenAI) tools.

PREDICTIONS SERIES 2024 - CIO InfluenceCIO INFLUENCE News: Webscale Acquires Section.io to Launch CloudFlow

“Cybercriminals are becoming increasingly more agile, organized, and politically aligned. It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.”

“As technology advances, so does cybercrime – and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “Cybercriminals are becoming increasingly more agile, organized, and politically aligned. It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.”

The Trellix Advanced Research Center’s latest CyberThreat Report includes:

  • Malicious GenAI: Cybercriminals bypass protections to take advantage of commonly known tools and use GenAI to enhance phishing campaigns. The accelerating scale and speed of phishing attacks indicates malicious GenAI may already be in deployment today.
  • Geopolitical Threat Activity: Nation-state threat activity spiked over 50% in the last six months due to conflict escalation in Russia and Ukraine, intensified cyber activity in Israel just before and during the conflict, and disruptive attacks on Taiwan heading into their 2024 elections.
  • Ransomware Developments: Global detections and industry-reported incidents, particularly in Q2, reflect unusual variations in ransomware families, as well as countries and industries targeted. The Trellix Advanced Research Center also observed a splintering of large ransomware groups, with the introduction of smaller groups and more attacks focused on data exfiltration.
  • Underground Collaboration: The last six months demonstrated an increase in threat actors actively collaborating on Dark Web forums. This spanned groups formally joining together (“The Five Families”), an escalation in selling/sharing of zero-day vulnerabilities, joint PoC development efforts to accelerate exploitations, and more.
  • Polyglot Malware: Cyber, a polycrisis itself, is a threat multiplier – and the rise of polyglot malware further exacerbates this. New programming languages are becoming popular malware choices, with Golang seeing high usage for ransomware (32%), backdoors (26%), and Trojan Horses (20%).

CIO INFLUENCE News: D-Wave Showcases Advantage QPU’s Ability to Improve Cellphone Network Transmission

The cybersecurity landscape experiences upheaval regularly as geopolitical and economic developments create an increasingly complicated and uncertain world. New cyber actors emerge daily while new vulnerabilities, exploits, and tactics are constantly discovered. The comprehensive analysis provided by the Trellix Advanced Research Center serves as a vital resource for today’s CISOs to understand and mitigate evolving cybersecurity risks in an interconnected world.

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

NV5 Acquires Red Technologies, Strengthens Data Center and Mission Critical Services in Asia Pacific

GlobeNewswire

Aqara Releases Camera Hub G2H Pro

Fujitsu Selects Alluvio Aternity by Riverbed for Fujitsu Intelligent Automation Platform

Business Wire