That is what data from the global customers of one cybersecurity firm points to.

A cybersecurity firm’s Q3 2022 threat report, based on an analysis of its user ecosystem, has concluded that transportation and shipping organizations using its protection services experienced increased detections linked to multiple threat actors.

In its global customer base, the transportation sector saw strong ransomware activity, second only to the telecoms sector, while advanced persistent threats were detected in transportation more than in any other sector.

Key highlights of Q3 data:

    • Malicious use of Cobalt Strike: This tool was employed maliciously in 33% of the observed global ransomware activity and 18% of APT detections in the firm’s user base.
    • Evolving ransomware trends: The previously low-key ransomware Phobos, which had managed to avoid mainstream attention and public reports until recently, accounted for 10% of the firm’s global detected activity.
    • Prevalence of unpatched vulnerabilities: Years-old unpatched vulnerabilities continued to be successful exploitation vectors among users protected by the firm.
    • Emerging threat actors: In the data analyzed, the China-linked threat actor Mustang Panda had the most detected threat indicators in Q3, followed by Russia-linked APT29 and Pakistan-linked APT36.
    • US ransomware activity tops the list: In the US user base alone, ransomware activity increased 100% quarter-over-quarter in transportation and shipping. Globally, transportation was the second most active sector (following telecom). APTs were also detected in transportation more than in any other sector.
    • Finally, users in Germany saw the highest detections: The firm’s users there generated the most threat detections related to APT actors in Q3 (29% of observed activity), and they also had the most ransomware detections. Ransomware detections rose 32% in Germany in Q3 and generated 27% of global activity.

Said John Fokker, Head of Threat Intelligence, Trellix, the firm reporting its findings: “So far, we have seen unremitting activity out of Russia and other state-sponsored groups. This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. The need for increased inspection of cyber threat actors and their methods has never been greater.”