cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Telecoms face biggest ransomware threat, says new report

Telecoms are the most heavily impacted by ransomware according to a new report.

user icon Daniel Croft
Tue, 22 Nov 2022
Telecoms face biggest ransomware threat, says new report
expand image

Cyber security company Trellix has released The Threat Report: November 2022. The report analyses trends in the cyber security space worldwide, defining which parts of the world and which industries are the most affected.

The new report came via the Trellix Advanced Research Center, which was launched in September following Trellix debuting earlier in the year. Trellix was established from a merger between McAfee Enterprise and FireEye.

The overall findings of the report were that political hacktivist activity and state sponsored groups are more prevalent than ever, thanks to a tense global political climate with Russia and Ukraine, China and Taiwan, North Korea and more.


“The last quarter saw cyber events continue to intensify in their technical sophistication and in their potential for economic and geopolitical impact,” said John Fokker, company head of threat intelligence.

“We observed uninterrupted activity out of Russia, Chinese actors targeting Taiwan, North Korean actors launching cyber attacks timed with missile drills, activities not only attributed to state-sponsored groups, but we observed a rise in politically motivated hacktivist activity.

“All this, plus continued attacks on healthcare and education systems targeted by ransomware gangs, along with the shortage of cyber security talent around the world now reaching 3.4 million, shows the need for threat intelligence work isn’t slowing down.”

The report reveals that telecom companies are the most significantly impacted by ransomware, increasing 56 per cent from Q2 to Q3 2022. Transport and shipping followed in second.

The transport and shipping industry has seen ransomware activity double from Q2 to Q3 2022, demonstrating an increased threat to supply chains, particularly as they have just recovered post COVID-19.

Germany was the most heavily impacted nation by ransomware, with identified ransomware campaigns increasing 32 per cent from Q2 to Q3. It also ranked the highest of countries affected by indicators of compromise for Q3 2022, making up 27 percent of the top 10 countries impacted.

While Germany was the most targeted by advanced persistent threat groups (APT) at 29 per cent, the most reported incidents of breaches and threats from open-sourced, publicly reported incidents for the quarter was the United States at 35 per cent.

Chinese-based Mustang Panda proved to be the most active APT for the quarter, making use of a specific PlugX version that is commonly used by Chinese threat actors.

The most common ransomware tool detected via Trellix’s telemetry was LockBit, a program which blocks user access to a PC, and will only lift restrictions once a ransom is paid to the offender. LockBit made up 22 per cent of global ransomware family detections for the quarter.

For the full report, Trellix’s The Threat Report: November 2022 can be found here.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.