Business services are under increased attack from ransomware.

This is among the findings from The Threat Report: Summer 2022 from Trellix, which analyses cybersecurity trends and attack methods from the first quarter of 2022.

The report also features research from Trellix Threat Labs into connected healthcare and access control systems. It also includes analysis of email security trends and details the evolution of Russian cybercrime related to the conflict in Ukraine where new malware or methods have yet to be observed.

Key findings from the research include:

  • Increased threats to business services: Companies providing IT, finance and other types of consulting and contract services were targeted by adversarial actors more often, demonstrating cybercriminals desire to disrupt multiple companies with one attack. Business services accounted for 64% of total US ransomware detections and was the second most targeted sector behind telecom across global ransomware detections, malware detections, and nation-state backed attacks in Q1 2022.
  • Ransomware evolution: Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined. Trellix also observed ransomware groups building lockers targeting virtualization services with varied success. Leaked chats from the quarter’s second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cybercriminal enterprises.
  • Email security trends: Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents and executables like infostealers and trojans attached.

“With the merging of our digital and physical worlds, cyberattacks cause more chaos in our daily lives,” says Christiaan Beek, lead scientist and senior principal engineer at Trellix.

“Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery ready to deploy in case of escalation and organizations need to remain vigilant.”

Carlo Bolzonello, country lead for Trellix in South Africa, adds: “South African enterprises need to be mindful that it’s not a matter of ‘if’ their environment will be attacked, it’s ‘when’.

“Malevolent actors research and know the nuances of the environments that they attack, and an enterprise’s ability to respond and counter that attack effectively depends entirely on having the best integrated and automated tools available, and on having the right people armed with the right skills leading that response.”