WithSecure Monthly Threat Highlights Report
Get the latest insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.
Subcribe to our Monthly Threat Highlights Report and other news and updates from WithSecure, by joining our mailing list.
Every month, you'll see the latest highlights in the discussion thread here.
If you'd like to stay in the loop, simply bookmark this discussion and you'll receive a notification whenever we post the latest report.
Comments
-
January 2023
Monthly highlights
- GoTo (LogMeIn) breach
- The rise of Emotet (again)
- SEO poisoning at an all-time high
- Mac malware of 2022
Ransomware: Trends and notable reports
- Royal Mail hit by LockBit... affiliate
- A history of LockBit
- BianLian decryptor and shift to I2P
- Newcomers: CatB
- An interview with Mallox
Other notable highlights in brief
- Nordic common cybersecurity strategy
- Cellebrite & MSAB XRY data leaked
- OWASSRF, a technical write-up
- Breach of Slack
- Poland warns of Russian cyber attacks
- Denmark struck by Russian hacktivist DDoS
- Freejacking
- SugarCRM actively exploited
- Kela report on cybercrime in 2022
Threat data highlights
-
February 2023
Monthly highlights
Ransomware: Trends and notable reports
- ESXiArgs
- The end of Hive???
- Alphv attack on Munster
- Technological University
- The $10k ransomware manual
- TV provider Dish experience ransomware attack
- Newcomers: Nevada
- Newcomers: Mimic
Other notable highlights in brief
- GoAnywhere exploitation
- Zoho ManageEngine exploitation
- KeePass problems
- QR code phishing
- Sh1mmer exploit can unenroll managed Chromebooks
- IceBreaker target gaming/gambling companies
Threat data highlights
Research highlights
-
March 2023
Monthly highlights
Ransomware: Trends and notable reports
- CISAs pre-ransomware notification initiative
- Dole attack shows real world impact
- Rise of Royal
- Nevada is Nokoyawa
- Magniber’s SmartScreen bypass
- Ransomware newcomers
Other notable highlights in brief
- Best practices in cyber
- Hydrochasma gathering intelligence
- I2PMiner targeting MacOS
- Lumma Stealer targets content creators
- T-Mobile constantly targeted by SIM-swappers
- Android banking trojan tracker
- Breach Forums down!
- Ultrasonic attacks
Threat data highlights
Detection and response highlights
-
April 2023
Threat Intel monthly highlights: Ransomware gangs get Papercuts, Lockbit and BlueNoroff get into MacOS, pro-Russian 'hacktivism' continues and 3CX continues.
- Ransomware: Trends and notable reports
- Capita
- Nokoyawa – CVE-2023-28252
- Rorschach Ransomware discovered
- Other notable highlights in brief
- DuckTail new update?
- APT41 HOODOO
- Service Location Protocol Vulnerability
- Google Chrome Zero Day attacks
- Continued targeting of Networking Devices
- Threat data highlights
- Research highlights
- Ransomware: Trends and notable reports
-
May 2023
Latest Threat Highlights: 8x TLD disruption, Outlook bug patch bypassed, more Wordpress woe, an Infostealer special focus and new threat groups.
Ransomware: Trends and notable reports
- Newcomers
- Akira ransomware goes retro
- Royal
- Money Message leaks MSI keys
- Buhti switches it up
Other notable highlights in brief
- Goodbye CryptBot, NodeStealer and Snake
- Does this Android look infected?
- Brute Print
Threat data highlight
Research highlights
-
June 2023
- Mass exploitation of a vulnerability in MOVEit by Clop
- The use of "Bring Your Own Vulnerable Driver" (BYOVD) techniques in terminating AV/EDR
- Chinese APT group Volt Typhoon surfaces
- Mod poisoning for the popular video game Minecraft
- Updates on the hacktivism landscape
- Ransomware trends
The ransomware section includes identification of three newcomers and updates on the scale of attacks and statistics relating to the most active groups throughout June.
-
Ransomware has been a hugely profitable industry for criminal gangs for the last few years. The total amount of ransom paid since 2020 is estimated to be at least $2 billion, and this has both motivated and enabled the groups who are profiting from this activity to become more professional.
These groups are emulating the legitimate tech ecosystem and seeking greater efficiencies and profits: they outsource common, complex problems; they subcontract work; and they employ freelancers via what could be termed a gig economy of operators.
Stephen Robinson - Senior Threat Intelligence Analyst at WithSecure -
July 2023
- Exploitation of Ivanti EPMM resulting in the compromise of government departments in Norway
- Ransomware incidents involving newcomers BigHead and the impersonation of Sophos
- Driver loopholes
- Exploitation of Citrix products
- TeamsPhisher tool that is being ignored by Microsoft
- Examination of the hacktivist landscape
- Statistics relating to the most active threat groups throughout July
The report examines the hacktivist landscape and includes statistics relating to the most active threat groups throughout July.
-
August 2023
- Monthly highlights
- Ransomware trends and notable reports
- Other notable highlights in brief, and threat data highlights
- Latest news and trends in the cyber security industry
- Newcomers in the ransomware space, such as "Cloak", "Metaencryptor" and "Ransomed"