The finance industry has been revealed as the sector most under threat from cyber attacks, according to a new study released by Trellix.
Data revealed an increased presence of advanced persistent threat actors and ransomware groups who focused on financial services in the third quarter of 2021.
During this period, cyber criminals were proven to use alternate personas to continue to utilise ransomware against an increasing spectrum of sectors. This allowed them to hit the financial, utilities and retail sectors the most often, accounting for nearly 60% of ransomware detections.
Financial services topped the list as the most notable sector for publicly reported cyber incidents, with a 21% increase in the third quarter and reported in 40% of APT observations. This vital economic sector also led all industries in terms of detected ransomware samples and APT group activity in general.
DarkSide ransomware group acting as BlackMatter was found to have had a significant resurgence, despite that group's claim that they have stopped operating.
While claiming responsibility for the ransomware attack on Kaseya VSA that closed hundreds of supermarket stores for several days, the quarter also saw the REvil/Sodinokibi family of ransomware continue to lead in its pervasiveness as it had in Q2, accounting for nearly half of Trellix's ransomware detections.
Trellix chief scientist and fellow Raj Samani says the pandemic has heightened opportunities for attackers to approach certain markets, with new vulnerabilities being exploited by new tools.
“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” he says.
When it came to the regional location of threat actors, Q3 2021 showed that threat activity believed to be from Russian and Chinese nation-state backed groups were responsible for nearly half (46% combined) of all observed APT threat activity. This assessment was based on an analysis of available technical indicators and further research.
While malware was the technique used most often in reported incidents in Q3 2021, malware incidents that were reported decreased 24% compared to Q2 2021.
Formbook, Remcos RAT and LokiBot amounted to almost 80% of malware detections in Q3 2021, with Formbook found in over one-third of attacks.
Samani says the information provided in the report serves as an insight into the risks companies in the finance industry face due to the sudden emergence of new threat technology.
“This report provides greater visibility into the use and abuse of ransomware group personas, how nation state APT actors seek to burrow deeper into finance and other critical industries, and new Living off the Land attacks exploiting native Microsoft system tools in new ways.