
Malicious actors are pushing the limits of attack vectors – Trellix

By Christopher Tredger, Portals editor
Johannesburg, 23 Feb 2023

South Africa’s most important institutions, including those in government and the financial sector, are the most attractive prey for international syndicates, says Carlo Bolzonello, country lead for cyber security firm Trellix South Africa. Ransomware and e-mail threats are major concerns, he said.

Trellix's Threat Report: February 2023

The Threat Report: February 2023 includes proprietary data from Trellix’s sensor network, investigations into nation-state and cyber criminal activity by the Trellix Advanced Research Centre, open- and closed-source intelligence, and threat actor leak sites. 

The report is based on telemetry related to detection of threats, when a file, URL, IP-address, suspicious e-mail, network behaviour or other indicator is detected and reported by the Trellix XDR platform.

Bolzonello was commenting on The Threat Report: February 2023 released by Trellix via its Advanced Research Centre.

The research examined cyber security trends from the final quarter of 2022 and includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors.

Among the key findings was that APT actors linked to China, including Mustang Panda and UNC4191, were the most active in the quarter, generating a combined 71% of detected nation-state backed activity. Actors tied to North Korea, Russia and Iran followed. The same four countries ranked as the most active APT actors in public reports.

“Q4 saw malicious actors push the limits of attack vectors,” said John Fokker, head of threat intelligence at Trellix Advanced Research Centre. “Grey zone conflict and hacktivism led to an increase in cyber as statecraft and activity across threat actor leak sites. As the economic climate changes, organisations need to make the most effective security out of scarce resources.”

The report added that critical infrastructure sectors are heavily impacted by cyber threats.

Trellix observed 69% of detected malicious activity linked to nation-state backed APT actors targeting transportation and shipping, followed by energy, oil, and gas.

According to Trellix telemetry, finance and healthcare were among the top targeted sectors by ransomware actors, and telecoms, government and finance among the top sectors targeted via malicious e-mail.

Research also showed an increase in business e-mail compromise (BEC). Trellix found that 78% of BEC involved fake CEO e-mails using common phrases, a 64% increase from Q3 to Q4 2022. Tactics included asking employees to confirm their direct phone number in order to set up a voice-phishing, or vishing, scheme. Of these e-mails, 82% were sent using free e-mail services, meaning threat actors need no special infrastructure to execute their campaigns.
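The BEC pattern described above (an executive's display name on mail from a free web-mail account, stock lure phrases, and a request for the recipient's direct phone number) lends itself to a simple mail-gateway triage heuristic. The following is an added illustration, not code from Trellix or from the report; the organisation domain, executive names, free-mail domain list, phrase list, weights and sample messages are all constructed assumptions.

```python
"""Heuristic triage for CEO-fraud style BEC e-mail (added illustration).

Constructed example, not from the Trellix report or the article. The
executive list, free-mail domains, phrase list, weights and sample
messages are assumptions made up for this illustration.
"""
from email.utils import parseaddr

# Assumed: the organisation's own domain and its executives' display names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}

# Assumed list of free web-mail providers. The report notes most BEC mail
# used free e-mail services, so this is a cheap, high-signal check.
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Assumed "common phrases" of the kind the report attributes to fake CEO mail.
COMMON_PHRASES = (
    "are you available",
    "quick task",
    "i need you to",
    "direct phone number",
    "your cell number",
    "urgent",
)


def _domain(address_header: str) -> str:
    """Lower-cased domain part of an address header, '' if none."""
    addr = parseaddr(address_header)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(headers: dict, body: str) -> dict:
    """Return per-check hits, an additive score and a review flag.

    headers: mapping with at least 'From' and optionally 'Reply-To'.
    This is a triage heuristic for analyst review, not a verdict.
    """
    display = parseaddr(headers.get("From", ""))[0].strip().lower()
    sender_domain = _domain(headers.get("From", ""))
    reply_domain = _domain(headers.get("Reply-To", ""))
    lowered = body.lower()

    hits = {
        # Executive's name on mail that did not come from the organisation.
        "exec_name_external_sender": display in EXECUTIVES
        and sender_domain != ORG_DOMAIN,
        # Sender or Reply-To uses a free web-mail provider.
        "free_mail_sender": sender_domain in FREE_MAIL_DOMAINS
        or reply_domain in FREE_MAIL_DOMAINS,
        # Body uses phrases typical of CEO-fraud lures.
        "common_phrases": any(p in lowered for p in COMMON_PHRASES),
        # Body asks for a phone number (the vishing set-up the report describes).
        "phone_number_request": "phone number" in lowered
        or "cell number" in lowered,
    }
    weights = {
        "exec_name_external_sender": 3,
        "free_mail_sender": 2,
        "common_phrases": 1,
        "phone_number_request": 2,
    }
    score = sum(weights[k] for k, v in hits.items() if v)
    return {"hits": hits, "score": score, "flag": score >= 4}


# Constructed sample messages (not real mail).
SAMPLES = [
    (
        {"From": "Jane Doe <jane.doe.ceo@gmail.com>"},
        "Are you available? I need you to handle a quick task. "
        "Send me your direct phone number.",
    ),
    (
        {"From": "Jane Doe <jane.doe@example.com>"},
        "Please see the attached board minutes for review.",
    ),
    (
        {"From": "Vendor Billing <billing@vendor.example.net>",
         "Reply-To": "pay.now@outlook.com"},
        "Urgent: updated bank details for invoice 1234 attached.",
    ),
]


def triage_samples():
    """Score every constructed sample; returns a list of (flag, score)."""
    return [(r["flag"], r["score"])
            for r in (score_message(h, b) for h, b in SAMPLES)]


if __name__ == "__main__":
    for (headers, _), (flag, score) in zip(SAMPLES, triage_samples()):
        print(f"{'FLAG' if flag else 'ok  '} score={score} from={headers['From']}")
```

The third sample (free-mail Reply-To plus an "urgent" lure, but no executive impersonation) scores below the flag threshold on purpose: free-mail senders alone are too common to act on, and the combination with an impersonated executive or a phone-number request is what separates CEO fraud from ordinary noise.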

Carlo Bolzonello, country lead for Trellix in South Africa.

Ransomware defences

The Internet Service Providers’ Association (ISPA) has warned of an increase in attacks and urged businesses to strengthen their ransomware defences, according to an ITWeb report published this week.

The ISPA advised businesses to build robust cyber resilience strategies and routinely evaluate disaster recovery procedures.

Sasha Booth-Beharilal, ISPA chairperson, is quoted: “Cyber crime disrupts more than business operations; it exposes organisations to reputational and regulatory risk.

“Not only are ransomware attacks becoming more frequent, but developments overseas are suggesting that policing agencies globally are not considering the payment of ransom as a mitigating factor when considering enforcement actions. This, again, underscores the importance of a proactive approach to cyber security.”

In December 2022 Trellix released its Advanced Research Centre’s 2023 Threat Predictions Report which warned of heightened hacktivism and geopolitical attacks this year.

Fokker added: “Global political events and the adoption of new technology will breed novel threats from more innovative threat actors.”