Trellix, a pioneering cybersecurity company at the forefront of Extended Detection and Response (XDR), has just released its much-anticipated report for November 2023 titled “The CyberThreat Report.” Produced by its Advanced Research Center, the report offers critical insights into the rapidly shifting landscape of cyber threats.
“Understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats,” emphasized John Fokker, Head of Threat Intelligence at Trellix’s Advanced Research Center. “Cybercriminals are becoming increasingly more agile, organized, and politically aligned. It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.”
The report’s key findings are as follows:
Cybercriminals leverage Generative AI (GenAI) to amplify phishing campaigns and circumvent existing protections. Citing the alarming scale and speed of phishing assaults, the report suggests that malicious GenAI may already be deployed in ongoing attacks.
Geopolitical Threat Activity
Nation-state threat activity surged by over 50% in the last six months, attributed to heightened conflict in regions like Russia, Ukraine, and Israel, and to disruptive attacks in Taiwan ahead of its 2024 elections.
Unusual variations in ransomware families and a shift towards targeting specific countries and industries were observed in global detections and industry-reported incidents. The emergence of smaller ransomware groups focusing on data exfiltration marked a splintering trend among larger groups.
A notable increase in active collaboration among threat actors on Dark Web forums was documented. This included formal alliances like “The Five Families,” intensified sharing of zero-day vulnerabilities, joint development efforts for accelerated exploitation, and more.
The rise of polyglot malware, employing new programming languages such as Golang, has become a significant concern. Notably, Golang was observed in 32% of ransomware, 26% of backdoors, and 20% of Trojan Horse incidents.
The report underscores the dynamic nature of the cybersecurity landscape, fraught with geopolitical and economic complexities. As new cyber actors emerge daily and fresh vulnerabilities are unearthed, the Trellix Advanced Research Center’s comprehensive analysis stands as a critical resource for CISOs, aiding in understanding and mitigating evolving cybersecurity risks in today’s interconnected world.