The Q1 2020 APEX™ Report

Apex Report Header image Q1 2020
14 May 2020

In this second edition of the APEX™ Report, we analyze global compromise activities from January 1 through March 31. This report offers a comprehensive view of malicious activity during the initial phase of the COVID-19 outbreak by various threat actor groups. During this first quarter, we saw evidence of compromise from 164,879 IPs, corresponding to 19,180 companies.

Prevailion’s platform observed heightened malicious activity across several key industry sectors, which are focused on in this report: hospitals, pharmaceuticals, aerospace/defense and the oil and gas supply chain.

Since our last quarterly report, the APEX™ Platform has undergone several updates which have exponentially expanded its capabilities. The platform has been enhanced to incorporate thousands of additional sensors to track malware communications, or ‘beacons’. This means the platform’s readings are more accurate and more laser-focused to discover the activities within industry subsectors, and the Evidence of Compromise can be more specific—down to the level of malware deployed per IP address. These activities include both financially-motivated criminal groups and state-sponsored actors.

To help visualize some of these campaigns, in this edition we have incorporated new methods our data scientists have devised to show the impact of global compromises on industries over time. We hope this new perspective will help readers understand how not all malware are created equal. The right attack in the right industry subsector at the right time can lead to a level of cyber compromise that is akin to a contagion, spreading over a short period of time—a phenomenon not unlike the pandemic currently gripping the world.

Prevailion Apex Report Q1 2020-thumbnail

The Latest

Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond

Introduction: Prevailion’s Adversarial Counterintelligence Team (PACT) is using advanced infrastructure hunting techniques and Prevailion’s unparalleled visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign.  UNC1151 is likely a state-backed threat actor [1] waging an ongoing and far-reaching influence campaign that has targeted numerous countries across […]

Prevailion CEO, Karim Hijazi- Biden’s Cybersecurity Strategy

Prevailion CEO, Karim Hijazi, comments on lacking White House cybersecurity efforts Karim Hijazi lays out why Biden’s cybersecurity strategy lacks innovation and effectiveness to deal with modern adversaries already inside companies around the globe.    

Prevailion CEO, Karim Hijazi- Tmobile Hack

Prevailion CEO, Karim Hijazi, talks about the T-Mobile hack and cloned SIM cards Karim Hijazi says T-Mobile’s breach is the largest in carrier history and discusses SIM swapping and other forms of identity theft.    

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.