SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
AI Security
#
Cybersecurity
#
Dark web
Trellix warns of rising collaboration in ransomware groups in 2023 report
Tue, 21st Nov 2023
Author image
By Catherine Knowles, Journalist
Follow us

Cybersecurity company Trellix has warned of the rising collaboration among ransomware groups and nation-state-backed attackers in its 2023 CyberThreat Report.

It highlighted criminal collectives including 'The Darknet Parliament', 'Net Worker Alliance', and 'The Five Families', characterising a shift to more organised, agile, and politically aligned cyber crime.

The use of lesser-known programming languages for malware development and the innovation of malicious Generative AI (GenAI) tools were also noted by the report.

John Fokker, Head of Threat Intelligence at Trellix Advanced Research Centre emphasised, "As technology advances, so does cyber crime - and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats."

The company's research has noted that GenAI is being utilised to enhance phishing campaigns, suggesting that malicious GenAI may already be in deployment today.

Internationally, the report found that nation-state threat activity saw a significant surge, spiking over 50% in the last six months. The causes included escalating conflicts in Russia and Ukraine, a surge in cyber activity during and pre-conflict in Israel, and disruptive attacks on Taiwan ahead of their 2024 elections.

Geopolitical uncertainty described as both a cause and an incentive to cyber crimes, as new actors continue to emerge and existing ones evolve in their exploits and tactics, Trellix states.

Furthermore, the cybersecurity company noticed unusual variations in ransomware families, particularly in Q2, with a splintering of large ransomware groups into smaller entities focusing on data exfiltration.

Golang has become a popular language for malware, with a rise in its use for ransomware (32%), backdoors (26%), and Trojan Horses (20%), according to the report. Collaboration between threat actors actively on the Dark Web is also increasing, with formal collaboration among groups, a rising market in zero-day vulnerabilities, and joint PoC development efforts speeding exploitations.

These findings have recently been paralleled in Australia, with extensive attacks compromising government critical infrastructure systems and isolated attacks on national security systems.

John Fokker emphasized the relevance of these findings: "It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources." He stated that the comprehensive analysis by the Trellix Advanced Research Center provides an essential resource for CISOs to understand and address evolving cybersecurity risks in a globally connected world.

The CyberThreat Report: November 2023 is based on various data sources including Trellix's sensor network, investigations into nation-state and cyber criminal activity, and both open and closed-source intelligence.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds