Trellix, the cybersecurity firm delivering the future of extended detection and response (XDR), has published ‘The Threat Report: Fall 2022,’ examining cybersecurity patterns and attack techniques from the first quarter of the year. 

The threat report includes evidence of malicious activity linked to ransomware and state-linked advanced persistent threat (APT) hackers. The researchers examined proprietary data from its sensor network, open-source intelligence, and investigations by the Trellix Advanced Research Center.
Here are some of the report’s key findings: 

• Transportation was the second most active sector globally, following telecom. APTs were also detected in transportation more than in any other sector. 

• Ransomware attacks surged 32% in Germany in Q3 and contributed 27% of global activity. Germany also experienced the most threat detections related to malicious hackers in Q3, with 29% of observed activity. In the United States, ransomware activity increased 100 % quarter-over-quarter in the transportation and shipping industries for Q3 2022. 

• Mustang Panda, a China-linked APT group, had the most identified threat indicators in Q3, followed by Russian-associated APT29 and Pakistan-linked APT36. 

• Phobos, ransomware sold as a complete kit in the cybercriminal underground, accounted for 10% of global detected activity and was the second most used ransomware detected in the US. 

• The infamous LockBit remained the most propagated ransomware in the third quarter of 2022, generating over a fifth (22%) of detections 

• Years-old security loopholes continue to remain a perfect target spot for threat actors. Threat analysts detected Microsoft Equation Editor vulnerabilities CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802 to be the most abused among malicious emails received by users during