Title: Rising Collaboration Among Ransomware Groups and Nation-State Attackers Highlighted in Trellix’s 2023 CyberThreat Report
In its recently released 2023 CyberThreat Report, cybersecurity company Trellix has warned of the growing collaboration between ransomware groups and nation-state-backed attackers. The report highlights the emergence of criminal collectives such as ‘The Darknet Parliament,’ ‘Net Worker Alliance,’ and ‘The Five Families,’ signaling a shift towards more organized, agile, and politically motivated cybercrime.
The report also sheds light on the use of lesser-known programming languages for malware development and the innovation of malicious Generative AI (GenAI) tools. According to Trellix, these advancements in cybercrime pose significant challenges for Chief Information Security Officers (CISOs) and Security Operations (SecOps) teams, who must stay ahead of evolving threats.
One notable finding is the use of GenAI to enhance phishing campaigns, suggesting that malicious GenAI tools may already be deployed. The report also reveals a significant surge in nation-state threat activity, with a spike of over 50% in the last six months. Escalating conflicts in Russia and Ukraine, increased cyber activity before and during the conflict in Israel, and disruptive attacks on Taiwan ahead of its 2024 elections are cited as contributing factors.
Geopolitical uncertainty is described as both a cause and an incentive for cybercrimes, as new actors continue to emerge and existing ones evolve in their exploits and tactics. Trellix emphasizes the need for defenders to refer to threat intelligence to strengthen their security posture, especially in a globally connected world with limited resources.
The report also highlights unusual variations in ransomware families, particularly in Q2, with large ransomware groups splintering into smaller entities focusing on data exfiltration. Use of the Go programming language (Golang) has surged for ransomware (32%), backdoors (26%), and Trojan horses (20%).
Collaboration among threat actors on the Dark Web is also on the rise, including formal collaboration among groups, a growing market for zero-day vulnerabilities, and joint Proof-of-Concept (PoC) development efforts that speed up exploitation.
These findings align with recent incidents in Australia, where government critical infrastructure systems have been compromised, and isolated attacks on national security systems have occurred. According to John Fokker, Head of Threat Intelligence at Trellix Advanced Research Centre, the comprehensive analysis provided in the CyberThreat Report serves as an essential resource for CISOs to understand and address evolving cybersecurity risks.
The report is based on various data sources, including Trellix’s sensor network, investigations into nation-state and cybercriminal activity, and both open and closed-source intelligence. As cyber threats continue to evolve, it is crucial for organizations to stay informed and proactive in their cybersecurity measures to protect their sensitive data and systems.