Trellix, the company delivering cybersecurity’s broadest AI-powered platform, today released The CyberThreat Report: November 2024, its latest research from the Trellix Advanced Research Center. The...
Report details growing cyber threats from China, rise of RansomHub, and intensifying cyber threat landscape
SAN JOSE, Calif.: Trellix, the company delivering cybersecurity’s broadest AI-powered platform, today released The CyberThreat Report: November 2024, its latest research from the Trellix Advanced Research Center. The report provides insight into the regions and industries at risk, the evolving methods used by adversarial actors, and offers recommendations for CISOs and security operations teams tasked with protecting their organization.
The research examines an increasingly complex ransomware ecosystem where groups have adopted advanced tools with embedded AI to spread ransomware. Further findings include the accelerated use of endpoint detection and response (EDR) evasion, password spray, infostealer, and backdoor tools and techniques to execute attacks. Trellix telemetry reveals China-affiliated threat actor groups remain a prevalent source of nation-state advanced persistent threat (APT) activities, with Mustang Panda generating more than 12% of detected APT activity alone.
“The last six months delivered AI advancements, from AI-driven ransomware to AI-assisted vulnerability analysis, evolving criminal strategies, and geopolitical events, which have reshaped the cyber landscape. Resilience planning has never been more important for cybersecurity teams,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “We’ve seen significant events, including state-sponsored attacks on critical infrastructure, the growth of AI-driven ransomware, and the rise of hacktivism tied to global conflict. The increased use of generative AI by cybercriminals has also posed new challenges. The industry must continue monitoring for transformative use of AI by cybercriminals to strengthen defenses.”
An evolving ransomware ecosystem
With several arrests, the indictment of LockBit leaders, and action to dismantle infrastructure by global law enforcement, the Trellix Advanced Research Center observed a diversification of ransomware groups, expanded use of AI-powered tools to deliver ransom demands, and a focus on tools built specifically to evade endpoint detection and response (EDR) solutions.
The broader cyber threat landscape
The Trellix Advanced Research Center examined industry cyber threat data, with analysis pointing to a rise in attacks from North Korea-aligned group Kimsuky, which doubled the activity of other APT groups. The study of industry reports of cybersecurity events also revealed a targeted distribution across critical sectors, with the government bearing the brunt of attacks (13%), followed by the financial sector (7%) and manufacturing (5%).
The CyberThreat Report: November 2024 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Center, and open and closed-source intelligence. It integrates AI-assisted data gathering to enhance the depth and timeliness of insights. The report is based on telemetry related to threat detections, when a file, URL, IP address, suspicious email, network behavior, or other indicator is detected and reported by the AI-powered Trellix Security Platform. This report represents data collected April 1 - September 30, 2024.
Additional Resources:
About the Trellix Advanced Research Center
The Trellix Advanced Research Center is at the forefront of research into the emerging methods, trends, and tools used by cyber threat actors across the global cyber threat landscape. Our elite team of researchers serve as the premier partner of CISOs, senior security leaders, and their security operations teams worldwide. The Trellix Advanced Research Center provides operational and strategic threat intelligence through cutting-edge content to security analysts, powers our industry-leading AI-powered cybersecurity platform, and offers intelligence products and services to customers globally. More at https://www.trellix.com/en-us/advanced-research-center.html.
Follow Trellix on LinkedIn and X.
Fonte: Business Wire
Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…
G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes
Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries
Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…
SnapLogic, the leader in generative integration, today announced that it has been named by Gartner as a Visionary in the 2024 “Magic Quadrant for Data…
JetBlue (Nasdaq: JBLU) today announced the promotion of Justin Thompson to vice president, IT data and analytics. In this role, Thompson will oversee…
#CloudSecurity--Gigamon, a leader in deep observability, announced Frost & Sullivan recently analyzed the network packet brokers (NPB) market and…
#BestOverallTestingProject--InfoVision, a global leader in IT services and enterprise digital transformation, has been named the winner in the ‘Best Overall…