In this second edition of the APEX™ Report, we analyze global compromise activities from January 1 through March 31. This report offers a comprehensive view of malicious activity during the initial phase of the COVID-19 outbreak by various threat actor groups. During this first quarter, we saw evidence of compromise from 164,879 IPs, corresponding to 19,180 companies.
Prevailion’s platform observed heightened malicious activity across several key industry sectors, which are the focus of this report: hospitals, pharmaceuticals, aerospace/defense and the oil and gas supply chain.
Since our last quarterly report, the APEX™ Platform has undergone several updates which have exponentially expanded its capabilities. The platform has been enhanced to incorporate thousands of additional sensors to track malware communications, or ‘beacons’. This means the platform’s readings are more accurate and more tightly focused on the activities within industry subsectors, and the Evidence of Compromise can be more specific—down to the level of malware deployed per IP address. These activities include those of both financially motivated criminal groups and state-sponsored actors.
To help visualize some of these campaigns, in this edition we have incorporated new methods our data scientists have devised to show the impact of global compromises on industries over time. We hope this new perspective will help readers understand that not all malware is created equal. The right attack in the right industry subsector at the right time can lead to a level of cyber compromise that is akin to a contagion, spreading over a short period of time—a phenomenon not unlike the pandemic currently gripping the world.
Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.
While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another sophisticated crime actor that companies need to be watching out for. The group is called TA505 and it is believed to be […]
“This was the most pristine espionage effort, unlike anything we’ve seen in a very long time,” said Karim Hijazi, a former intelligence community contractor. “Everyone in the cybersecurity community is freaking out, because we don’t know where this could stop.”