Application Security, Cybercrime, Cybercrime as a Service
Trellix’s John Fokker on the Cyber Impact of Ransomware, APT Groups and the Russian War
Mathew J. Schwartz (euroinfosec) •
March 25, 2022
Since at least the middle of last year, online attackers have increasingly targeted the financial services sector.
That’s according to John Fokker, principal engineer and head of cyber investigations for cybersecurity firm Trellix’s Advanced Threat Research group. He says the latest threat assessment from Trellix found a 22% increase in ransomware attackers and a 37% increase in APT detections in the third quarter of last year, compared to the previous quarter.
Fokker also says more victims have been discovered, in part thanks to a Ukrainian security researcher who leaked the Jabber chat logs of the roughly 100 employees of the Conti ransomware operation. These logs better revealed not only how the group operated, but also the identities of the organizations that quietly paid a ransom after being crypto-locked by Conti, perhaps in part to try to prevent the public from learning never the security incident.
Fokker says, “You can put your cyberskeletons in the closet but, like in normal life, they tend to come out.”
In this video interview with Information Security Media Group, Fokker explains:
- How targeted attacks on financial services have increased recently – via ransomware, other malware, APT groups – and the risks this poses;
- The cybersecurity impact of Russia’s invasion of Ukraine and the potential fallout from sanctions imposed on the country;
- How the financial services industry should respond.
Fokker is the Principal Engineer and Head of Cyber Investigations for Advanced Threat Research at Trellix. He was previously a project manager for the Cybercrime Threat Intelligence Team for the Dutch Police.