▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | Italian Channel Awards | Italian Project Awards | Italian Security Awards | ...
InnovationOpenLab

Trellix Uncovers Diversification of Ransomware Ecosystem as Cybercriminal Use of AI Expands

Trellix, the company delivering cybersecurity’s broadest AI-powered platform, today released The CyberThreat Report: November 2024, its latest research from the Trellix Advanced Research Center. The...

Business Wire

Report details growing cyber threats from China, rise of RansomHub, and intensifying cyber threat landscape

SAN JOSE, Calif.: Trellix, the company delivering cybersecurity’s broadest AI-powered platform, today released The CyberThreat Report: November 2024, its latest research from the Trellix Advanced Research Center. The report provides insight into the regions and industries at risk, the evolving methods used by adversarial actors, and offers recommendations for CISOs and security operations teams tasked with protecting their organization.

The research examines an increasingly complex ransomware ecosystem where groups have adopted advanced tools with embedded AI to spread ransomware. Further findings include the accelerated use of endpoint detection and response (EDR) evasion, password spray, infostealer, and backdoor tools and techniques to execute attacks. Trellix telemetry reveals China-affiliated threat actor groups remain a prevalent source of nation-state advanced persistent threat (APT) activities, with Mustang Panda generating more than 12% of detected APT activity alone.

“The last six months delivered AI advancements, from AI-driven ransomware to AI-assisted vulnerability analysis, evolving criminal strategies, and geopolitical events, which have reshaped the cyber landscape. Resilience planning has never been more important for cybersecurity teams,” said John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center. “We’ve seen significant events, including state-sponsored attacks on critical infrastructure, the growth of AI-driven ransomware, and the rise of hacktivism tied to global conflict. The increased use of generative AI by cybercriminals has also posed new challenges. The industry must continue monitoring for transformative use of AI by cybercriminals to strengthen defenses.”

An evolving ransomware ecosystem
With several arrests, the indictment of LockBit leaders, and action to dismantle infrastructure by global law enforcement, the Trellix Advanced Research Center observed a diversification of ransomware groups, expanded use of AI-powered tools to deliver ransom demands, and a focus on tools built specifically to evade endpoint detection and response (EDR) solutions.

  • Group diversification: The top five most active groups account for less than 40% of all attacks, demonstrating less concentrated activity among major actors. This highlights the need for organizations and governments to remain adaptable, continuously updating their strategies to address the evolving tactics of ransomware groups.
  • RansomHub: RansomHub emerged as the most active among ransomware groups, accounting for 13% of Trellix detections. Its rise, and the activity of other smaller groups, further illustrates the fluid nature of ransomware. LockBit remains active, generating the second most detections (11%), followed by groups Play (7%), Akira (4%) and Medusa (4%).
  • EDR evasion: Trellix found a thriving market for EDR evasion tools on the dark web. They are built to avoid detection by the tools most organizations rely on to identify and respond to known threats. RansomHub adopted one such tool named EDRKillShifter to disable EDR capabilities before executing their attacks.
  • AI-powered tools: The cybercriminal underground has become a hub for malicious actors to sell new AI-based tools to execute crime. Trellix observed the sale of a number of these tools on the black market, including the Radar Ransomware-as-a-Service program, which conceals the way AI is used but seeks to recruit forum users to join its affiliate network.
  • Sectors and regions: Healthcare, education, and critical infrastructure remain prime targets, and the global spread of ransomware persists, focusing on the U.S. and other developed economies. The U.S. received 41% of all Trellix ransomware detections, outpacing the next most targeted country (the U.K.) nine-fold.

The broader cyber threat landscape
The Trellix Advanced Research Center examined industry cyber threat data, with analysis pointing to a rise in attacks from North Korea-aligned group Kimsuky, which doubled the activity of other APT groups. The study of industry reports of cybersecurity events also revealed a targeted distribution across critical sectors, with the government bearing the brunt of attacks (13%), followed by the financial sector (7%) and manufacturing (5%).

The CyberThreat Report: November 2024 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cybercriminal activity by the Trellix Advanced Research Center, and open and closed-source intelligence. It integrates AI-assisted data gathering to enhance the depth and timeliness of insights. The report is based on telemetry related to threat detections, when a file, URL, IP address, suspicious email, network behavior, or other indicator is detected and reported by the AI-powered Trellix Security Platform. This report represents data collected April 1 - September 30, 2024.

Additional Resources:

About the Trellix Advanced Research Center
The Trellix Advanced Research Center is at the forefront of research into the emerging methods, trends, and tools used by cyber threat actors across the global cyber threat landscape. Our elite team of researchers serve as the premier partner of CISOs, senior security leaders, and their security operations teams worldwide. The Trellix Advanced Research Center provides operational and strategic threat intelligence through cutting-edge content to security analysts, powers our industry-leading AI-powered cybersecurity platform, and offers intelligence products and services to customers globally. More at https://www.trellix.com/en-us/advanced-research-center.html.

Follow Trellix on LinkedIn and X.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

RSA at Cybertech Europe 2024

Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…

Italian Security Awards 2024: G11 Media honours the best of Italian cybersecurity

G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes

How Austria is making its AI ecosystem grow

Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries

Sparkle and Telsy test Quantum Key Distribution in practice

Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…

Most read

SnapLogic Named a Visionary in the 2024 Gartner® Magic Quadrant™ for Data…

SnapLogic, the leader in generative integration, today announced that it has been named by Gartner as a Visionary in the 2024 “Magic Quadrant for Data…

JetBlue Names Justin Thompson Vice President, IT Data and Analytics

JetBlue (Nasdaq: JBLU) today announced the promotion of Justin Thompson to vice president, IT data and analytics. In this role, Thompson will oversee…

Gigamon Recognized by Frost & Sullivan with a 2024 Best Practices Market…

#CloudSecurity--Gigamon, a leader in deep observability, announced Frost & Sullivan recently analyzed the network packet brokers (NPB) market and…

InfoVision Wins Top Spot at the Prestigious North American Software Testing…

#BestOverallTestingProject--InfoVision, a global leader in IT services and enterprise digital transformation, has been named the winner in the ‘Best Overall…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!