One cybersecurity firm’s threat report for Q1 2022 offers clues for the public to make their own general conclusions …

Based on telemetry from its global user base and a network comprising over one billion sensors, as well as open-source intelligence and threat investigations, a cybersecurity firm has released some findings on cyber threat trends for Q1 2022.

The report also features research into connected healthcare and access control systems, email security trends, and emerging malware or cyber tactics incited by both sides of the Russia-Ukraine war.

Some key findings are as follows:

  • Top two most-targeted sectors: In the telemetry, firms providing IT, finance and other types of consulting and contract services were targeted by adversarial actors more often, indicating that cybercriminals prefer to impact multiple companies with one attack. Business services accounted for 64% of total US ransomware detections in the firm’s research data, and were the second-most targeted sector behind the telecom industry across global ransomware detections, malware detections and state-sponsored attacks in Q1 2022.

  • Ransomware disruptions: Following the January 2022 arrests of members of the REvil ransomware gang, payouts to attackers had declined. Ransomware groups were observed building lockers targeting virtualization services with varied success. Leaked chats from the quarter’s second-most active ransomware gang, Conti (which had expressed allegiance to the Russian administration), indicate that that government is directing cybercriminal enterprises.

  • Email security trends: Most incidents of malicious emails recorded in the telemetry contained a phishing URL used to steal credentials or lure victims to download malware. Emails with malicious documents and executables like infostealers and trojans attached were also abundant.

According to Christiaan Beek, Lead Scientist and Senior Principal Engineer, Trellix, which produced the report: “Adversaries know they are being watched closely: the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery ready to deploy in case of escalation; organizations need to remain vigilant.”