Individuals now top target for cybercrooks

Individual consumers have become the top target of cybercriminals, according to research from cybersecurity company Trellix.

The company’s latest Threat Labs report, examining cybercriminal behaviour over the last six months, shows that attacks on individuals grew 73% during the period.

The healthcare sector was the most targeted industry vertical. Meanwhile, attacks on transportation, shipping, manufacturing and information technology industries increased sharply during the period, with attacks on the manufacturing sector doubling during the period.

Advanced persistent threat actors were by contrast most likely to target the transport and shipping sectors, with attacks on these industries accounting for 27% of detection. Health care was second at 12%.

The report also details the continued use of ‘living off the land’ attack methods, involving using a target’s existing software and device controls to execute an attack. The most frequently used native OS binaries include Windows Command Shell (53%) and PowerShell (44%).

Notable threat activity during the fourth quarter included a 21% increase in attacks from Lockbit, the most prevalent ransomware family detected during the period. Likewise, the RedLine Stealer (20%), Raccoon Stealer (17%), Remcos RAT (12%), LokiBot (12%) and Formbook (12%) malware families collectively accounted for almost 75% of the malware observed during the quarter.

Finally, the report identified an increase in activity from APT threat actors targeting Ukraine, including growing usage of wiper malware, which seeks to render devices within targeted organisations useless by destroying the memory critical to how the devices operate.

Trellix Threat Labs Lead Scientist and Principal Engineer Christiaan Beek said the findings are concerning.

“We’re at a critical juncture in cybersecurity and observing increasingly hostile behaviour across an ever-expanding attack surface,” he said.

“Our world has fundamentally changed. The fourth quarter signalled the shift out of a two-year pandemic which cybercriminals used for profit and saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity.”

Image credit: ©stock.adobe.com/au/NicoElNino