The latest Trellix cyberthreat report observes indicators of collaboration between ransomware groups and nation-state-backed advanced persistent threat (APT) actors.
Released by Trellix’s Advanced Research Center, the report outlines adoption and usage of lesser-known programming languages for malware and cybercriminals developing Generative AI (GenAI) tools.
John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center, said: “Cybercriminals are becoming increasingly more agile, organized and politically aligned. It is imperative defenders refer to threat intelligence to strengthen their security posture with limited resources.”
The report’s findings include:
- Malicious GenAI: Cybercriminals bypass protections to take advantage of commonly known tools and use GenAI to enhance phishing campaigns.
- Geopolitical Threat Activity: Nation-state threat activity spiked over 50% in the last six months.
- Ransomware Developments: Global detections and industry-reported incidents, particularly in Q2, reflect unusual variations in ransomware families, as well as countries and industries targeted. Also observed was a splintering of large ransomware groups – with the introduction of smaller groups and more attacks focused on data exfiltration.
- Underground Collaboration: The last six months demonstrated an increase in threat actors actively collaborating on Dark Web forums. This spanned groups formally joining together (“The Five Families”), an escalation in selling/sharing of zero-day vulnerabilities, joint PoC development efforts to accelerate exploitations, and more.
- Polyglot Malware: Cyber, a polycrisis itself, is a threat multiplier – and the rise of polyglot malware further exacerbates this. New programming languages are becoming popular malware choices – with Golang seeing high usage for ransomware (32%), backdoors (26%), and Trojan Horses (20%).
