
WithSecure Monthly Threat Highlights Report

LiselotteP (WithSecure Staff, Community Manager)
edited December 2023 in Important News from WithSecure

Get the latest insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.

Subscribe to our Monthly Threat Highlights Report and other news and updates from WithSecure by joining our mailing list.

Every month, you'll see the latest highlights in the discussion thread here.

If you'd like to stay in the loop, simply bookmark this discussion and you'll receive a notification whenever we post the latest report.

📝 Click here to see the latest report

Comments

  • LiselotteP

    January 2023

    Monthly highlights

    • GoTo (LogMeIn) breach
    • The rise of Emotet (again)
    • SEO poisoning at an all-time high
    • Mac malware of 2022

    Ransomware: Trends and notable reports

    • Royal Mail hit by LockBit... affiliate
    • A history of LockBit
    • BianLian decryptor and shift to I2P
    • Newcomers: CatB
    • An interview with Mallox

    Other notable highlights in brief

    • Nordic common cybersecurity strategy
    • Cellebrite & MSAB XRY data leaked
    • OWASSRF, a technical write-up
    • Breach of Slack
    • Poland warns of Russian cyber attacks
    • Denmark struck by Russian hacktivist DDoS
    • Freejacking
    • SugarCRM actively exploited
    • Kela report on cybercrime in 2022

    Threat data highlights

    Download report

  • LiselotteP

    February 2023

    Monthly highlights

    Ransomware: Trends and notable reports

    • ESXiArgs
    • The end of Hive???
    • Alphv attack on Munster Technological University
    • The $10k ransomware manual
    • TV provider Dish experiences ransomware attack
    • Newcomers: Nevada
    • Newcomers: Mimic

    Other notable highlights in brief

    • GoAnywhere exploitation
    • Zoho ManageEngine exploitation
    • KeePass problems
    • QR code phishing
    • Sh1mmer exploit can unenroll managed Chromebooks
    • IceBreaker targets gaming/gambling companies

    Threat data highlights

    Research highlights

    Download report

  • LiselotteP

    March 2023

    Monthly highlights

    Ransomware: Trends and notable reports

    • CISA's pre-ransomware notification initiative
    • Dole attack shows real world impact
    • Rise of Royal
    • Nevada is Nokoyawa
    • Magniber’s SmartScreen bypass
    • Ransomware newcomers

    Other notable highlights in brief

    • Best practices in cyber
    • Hydrochasma gathering intelligence
    • I2PMiner targeting MacOS
    • Lumma Stealer targets content creators
    • T-Mobile constantly targeted by SIM-swappers
    • Android banking trojan tracker
    • Breach Forums down!
    • Ultrasonic attacks

    Threat data highlights

    Detection and response highlights

    Download report

  • LiselotteP

    April 2023

    Threat Intel monthly highlights: Ransomware gangs get Papercuts, Lockbit and BlueNoroff get into MacOS, pro-Russian 'hacktivism' continues and 3CX continues.

    • Ransomware: Trends and notable reports
      • Capita
      • Nokoyawa – CVE-2023-28252
      • Rorschach Ransomware discovered
    • Other notable highlights in brief
      • DuckTail new update?
      • APT41 HOODOO
      • Service Location Protocol Vulnerability
      • Google Chrome Zero Day attacks
      • Continued targeting of Networking Devices
    • Threat data highlights
    • Research highlights

    Download report

  • LiselotteP

    May 2023

    Latest Threat Highlights: 8x TLD disruption, Outlook bug patch bypassed, more WordPress woe, an Infostealer special focus and new threat groups.

    Ransomware: Trends and notable reports

    • Newcomers
    • Akira ransomware goes retro
    • Royal
    • Money Message leaks MSI keys
    • Buhti switches it up

    Other notable highlights in brief

    • Goodbye CryptBot, NodeStealer and Snake
    • Does this Android look infected?
    • Brute Print

    Threat data highlight

    Research highlights

    Download report

  • LiselotteP

    June 2023

    • Mass exploitation of a vulnerability in MOVEit by Clop
    • The use of "Bring Your Own Vulnerable Driver" (BYOVD) techniques in terminating AV/EDR
    • Chinese APT group Volt Typhoon surfaces
    • Mod poisoning for the popular video game Minecraft
    • Updates on the hacktivism landscape
    • Ransomware trends

    The ransomware section includes identification of three newcomers and updates on the scale of attacks and statistics relating to the most active groups throughout June. 

    Download report

  • LiselotteP

    Ransomware has been a hugely profitable industry for criminal gangs for the last few years. The total amount of ransom paid since 2020 is estimated to be at least $2 billion, and this has both motivated and enabled the groups who are profiting from this activity to become more professional.

    These groups are emulating the legitimate tech ecosystem and seeking greater efficiencies and profits: they outsource common, complex problems; they subcontract work; and they employ freelancers via what could be termed a gig economy of operators.

    Stephen Robinson - Senior Threat Intelligence Analyst at WithSecure

  • LiselotteP

    July 2023

    • Exploitation of Ivanti EPMM resulting in the compromise of government departments in Norway
    • Ransomware incidents involving newcomers BigHead and the impersonation of Sophos
    • Driver loopholes
    • Exploitation of Citrix products
    • TeamsPhisher tool that is being ignored by Microsoft
    • Examination of the hacktivist landscape
    • Statistics relating to the most active threat groups throughout July

    The report examines the hacktivist landscape and includes statistics relating to the most active threat groups throughout July.

    Download report

  • LiselotteP

    August 2023

    • Monthly highlights
    • Ransomware trends and notable reports
    • Other notable highlights in brief, and threat data highlights
    • Latest news and trends in the cyber security industry
    • Newcomers in the ransomware space, such as "Cloak", "Metaencryptor" and "Ransomed"

    Download report

  • LiselotteP

    September 2023

    • Monthly highlights
    • Ransomware
    • Other notable highlights in brief

    Download report

  • LiselotteP

    October 2023

    • An ongoing phishing campaign impacting Finland
    • The state of the infostealer market
    • Fallout following the compromise of Okta
    • A new HTTP/2 rapid reset DDoS technique
    • The state of the hacktivist landscape, which has been further shaped by ongoing conflict in Israel
    • Tracking the ransomware landscape, including statistics from known attacks
    • Reference to a wider piece of research on the malware Darkgate

    Download report

  • LiselotteP

    November 2023

    • Exploitation of Vulnerabilities
    • SolarWinds Lawsuit
    • Ransomware Trends and Notable Reports

    Download report

  • LiselotteP

    December 2023

    • Significant data breaches affecting US telecoms provider Xfinity, US mortgage lender MrCooper, and DonorView, a provider of a cloud-based charitable donation platform
    • Active exploitation of the zero-click Outlook/Exchange exploit by Russian APT, identified as Unit 26165 of the Russian GRU.
    • Analysis of exploit data focusing on changes over time in WithSecure and VirusTotal detection data, including fluctuations in the use of specific CVEs.
    • Ongoing events surrounding Israel and Palestine with associated hacktivist proxies active in the cyber arena for both sides.
    • Continuation of ransomware attacks, albeit in lower numbers than previous months, and signs of potential return of Qakbot after being taken down by Law Enforcement Agencies.
    • Exploration of interesting vulnerabilities, both old and new, with a different approach to analyzing the data on these vulnerabilities.

    Download report

  • LiselotteP

    January 2024

    • Multiple zero-day vulnerabilities in Ivanti Connect Secure VPN appliances 
    • Compromise of Microsoft and HP Enterprise by Russian state actors 
    • Spike in Akira ransomware activity targeting the Nordics 
    • Vulnerabilities in GitLab and GitHub, raising concerns about CI/CD pipeline supply chain attacks 
    • Attacks by hacktivist groups with significant impacts 
    • Security failures leading to outages for Orange Spain

    Download report

  • LiselotteP

    February 2024

    • Mass exploitation incidents involving Ivanti ConnectSecure and ConnectWise ScreenConnect vulnerabilities.
    • Ransomware attacks and varying statistics and opinions on the state of the ransomware sector.
    • Use of Machine Learning and LLMs for malicious activities like fraud and autonomous hacking.
    • Significant increases in phishing/maldoc exploits targeting client software.
    • Exploit data highlighting vulnerabilities such as CVE-2023-21716, CVE-2023-38831, CVE-2023-23376, and CVE-2023-23397.
    • Lazarus Group exploiting a Windows driver zero-day vulnerability (CVE-2024-21338) to disable security tools.
    • Newly exploited vulnerabilities added to CISA's Known Exploited Vulnerabilities catalogue, including CVE-2023-4762 affecting Google Chromium V8.

    Download report