The financial industry revealed as the sector most at risk from cyberattacks
The financial industry has emerged as the sector most at risk from cyberattacks, according to a new study published by Trellix.
The data revealed an increased presence of advanced persistent threat actors and ransomware groups that focused on financial services in the third quarter of 2021.
During this period, cybercriminals were found to be using alternate personas to keep deploying ransomware against a growing range of industries. This allowed them to hit the financial, utility and retail sectors most often, which together accounted for nearly 60% of ransomware detections.
Financial services topped the list as the most notable industry for publicly reported cyber incidents, up 21% in Q3 and reported in 40% of APT observations. This vital economic sector also leads all industries in terms of ransomware samples detected and APT group activity in general.
The DarkSide ransomware group, acting as BlackMatter, was found to have staged a significant resurgence despite the group's claim that it had ceased to function.
The quarter also saw the REvil/Sodinokibi ransomware family, which claimed responsibility for the Kaseya VSA ransomware attack that shut down hundreds of supermarkets for several days, remain as ubiquitous as it had been in the second quarter, accounting for nearly half of Trellix's ransomware detections.
Trellix chief scientist and fellow Raj Samani says the pandemic has increased opportunities for attackers to approach certain markets, with new vulnerabilities being exploited by new tools.
“While we ended 2021 focusing on a resurgent pandemic and the revelations around the Log4j vulnerability, our Q3 deep dive into cyber threat activity found some notable new tools and tactics among ransomware groups and advanced global threat actors,” he said.
In terms of the regional location of threat actors, the third quarter of 2021 showed that threat activities believed to originate from Russian and Chinese nation-state-backed groups were responsible for almost half (46% combined) of all observed APT threat activities. This assessment was based on an analysis of available technical indicators and other research.
While malware was the most frequently used technique in reported incidents in Q3 2021, reported malware incidents decreased by 24% compared to Q2 2021.
Formbook, Remcos RAT and LokiBot accounted for nearly 80% of malware detections in Q3 2021, with Formbook being present in more than a third of attacks.
Samani says the report offers insight into the risks that companies in the financial sector face due to the sudden emergence of new threat technologies.
“This report provides greater visibility into the use and abuse of ransomware group personas, how nation-state APT actors are seeking to dig deeper into finance and other critical industries, and new Living off the Land attacks leveraging Microsoft’s native system tools in new ways.”