
Trellix Uncovers Spike in Cyber Activity from China and Russia

Business Wire

Report details shifting ransomware ecosystem, U.S. election themed scams, and emergence of new AI tools for cybercrime

SAN JOSE, Calif.: Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced The CyberThreat Report: June 2024, the latest report from the elite team of researchers with the Trellix Advanced Research Center. The report details increasing cyber activity tied to China- and Russia-linked threat actors, the emergence of U.S. election donation-themed phishing scams, an atypical ransomware ecosystem and the growing use of hard-to-detect threat actor tools designed to circumvent the endpoint detection and response (EDR) protection technologies used by organizations around the world.

“The last six months have been unprecedented - a state of polycrisis remains and everything from elections to warfare to law enforcement activity have accelerated cyber threat actor activity globally. We’re seeing radical shifts in behavior,” said John Fokker, Head of Threat Intelligence, Trellix. “The cat and mouse game of cybersecurity is becoming more complex. Security leaders need more operational threat intelligence in order to outpace cybercriminals.”

The Trellix Advanced Research Center’s latest CyberThreat Report details findings from October 2023 - March 2024. Highlights include:

  • China and Russia increase attacks: China-linked threat groups, like Volt Typhoon, remain the most prolific originator of advanced persistent threat (APT) activities, generating 68.3% of all detections. The Trellix Advanced Research Center further found 23% of all activity from China-linked groups is directed at the global government sector. Additionally, Russia-linked APT group, Sandworm, saw a sharp increase in activity, with 40% more detections in the period of this report compared to April - September 2023.
  • Election-themed scams: The Trellix Advanced Research Center found malicious emails aimed at tricking consumers into donating to elections. The emails abuse legitimate marketing services to create convincing but fake donation pages with the goal of scamming everyday people out of money disguised as donations to election campaigns.
  • Shifting ransomware ecosystem: The transportation and shipping sector was the most threatened by ransomware actors, generating 53% and 45% of global ransomware detections in Q4 2023 and Q1 2024 respectively, followed by the finance industry. Also, following a global law enforcement action to disrupt ransomware gang LockBit, Trellix observed imposters copying the group.
  • EDR evasion: An EDR evasion tool called “Terminator” from cybercriminal developer Spyboy was used in a new campaign in January 2024 with 80% of detections targeted at the telecom sector. Given the specific targets, Trellix assesses with a high level of confidence that the campaign was related to the Russian-Ukrainian conflict.
  • GenAI usage by cybercriminals: Trellix observed a free ChatGPT 4.0 Jabber tool available in the cybercriminal underground, which allows threat actors to adopt GenAI into their operations and to create a GenAI knowledge base to learn from other cyber criminals or even steal their ideas and tools.

New cyber actors emerge daily while new vulnerabilities, exploits, and tactics are constantly discovered. Operational threat intelligence, like the data and insights found in this report, is necessary for CISOs and security operations leaders looking for a comprehensive view into their security posture and to identify potential gaps in their cybersecurity strategy.

The CyberThreat Report: June 2024 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Center, and open and closed-source intelligence. The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious email, network behavior, or other indicator is detected and reported by the AI-powered Trellix XDR platform.

About the Trellix Advanced Research Center
The Trellix Advanced Research Center is at the forefront of research into the emerging methods, trends, and tools used by cyber threat actors across the global cyber threat landscape. Our elite team of researchers serve as the premier partner of CISOs, senior security leaders, and their security operations teams worldwide. The Trellix Advanced Research Center provides operational and strategic threat intelligence through cutting-edge content to security analysts, powers our industry-leading AI-powered XDR platform, and offers intelligence products and services to customers globally. More at https://www.trellix.com/en-us/advanced-research-center.html.

Follow Trellix on LinkedIn and X.

Source: Business Wire
