Månatlig rapport om hotets höjdpunkter
Insikter från cyberhotlandskapet - med hjälp av WithSecure™ Countercepts eget Threat Intelligence-team.
Senaste höjdpunkterna
March 2023
Monthly highlights
Ransomware: Trends and notable reports
- CISAs pre-ransomware notification initiative
- Dole attack shows real world impact
- Rise of Royal
- Nevada is Nokoyawa
- Magniber’s SmartScreen bypass
- Ransomware newcomers
Other notable highlights in brief
- Best practices in cyber
- Hydrochasma gathering intelligence
- I2PMiner targeting MacOS
- Lumma Stealer targets content creators
- T-Mobile constantly targeted by SIM-swappers
- Android banking trojan tracker
- Breach Forums down!
- Ultrasonic attacks
Threat data highlights
Detection and response highlights
Download reportFebruary 2023
Monthly highlights
Ransomware: Trends and notable reports
- ESXiArgs
- The end of Hive???
- Alphv attack on Munster
- Technological University
- The $10k ransomware manual
- TV provider Dish experience ransomware attack
- Newcomers: Nevada
- Newcomers: Mimic
Other notable highlights in brief
- GoAnywhere exploitation
- Zoho ManageEngine exploitation
- KeePass problems
- QR code phishing
- Sh1mmer exploit can unenroll managed Chromebooks
- IceBreaker target gaming/gambling companies
Threat data highlights
Research highlights
Download reportJanuary 2023
Monthly highlights
- GoTo (LogMeIn) breach
- The rise of Emotet (again)
- SEO poisoning at an all-time high
- Mac malware of 2022
Ransomware: Trends and notable reports
- Royal Mail hit by LockBit... affiliate
- A history of LockBit
- BianLian decryptor and shift to I2P
- Newcomers: CatB
- An interview with Mallox
Other notable highlights in brief
- Nordic common cybersecurity strategy
- Cellebrite & MSAB XRY data leaked
- OWASSRF, a technical write-up
- Breach of Slack
- Poland warns of Russian cyber attacks
- Denmark struck by Russian hacktivist DDoS
- Freejacking
- SugarCRM actively exploited
- Kela report on cybercrime in 2022
Threat data highlights
Download report
Tidigare rapporter
March 2022
- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports
- RURansom targets Russia
- Advisory on AvosLocker
- HermeticRansom can be decrypted
- Sophos collates their ransomware research
- An analysis of LockBit 2.0
- Estonian imprisoned for connection with ransomware and cybercrime
- Other Notable Highlights in Brief
April 2022
- CNI targeted with ICS malware
- FA Fatigue: A new attack technique
- The disruption of ZLoader
- A breakdown of ContiLeaks
- RANSOMWARE: Trends and Notable Reports
- A look at Blackcat/ALPHV
- Russia in the crosshairs
- Quantum: a 4-hour attack
- LockBit strike Rio de Janeiro finance department
- BlackByte breakdown
- Nokoyawa, a Nempty strain
- Other Notable Highlights in Brief
May 2022
- Advisory on initial access techniques
- Emotet back at full power
- BPFDoor, an insidious backdoor
- Ransomware: Trends and notable reports:
- Is this the end of Conti?
- Iran is carrying out ransomware attacks
- Operator of Thanos builder charged
- The return of REvil?
- Other notable highlights in brief
June 2022
- Follina, an exploited vulnerability in MSDT
- Emotet back at full power
- State-backed actors target Confluence vulnerability
- Law enforcement takes down Flubot
- Ransomware: Trends and notable reports
- A look at the ransomware ecosystem
- LockBit is updated to 3.0
- An advisory on Karakurt
- “Ransomware” targeting Elasticsearch
- The costs of ransomware to businesses
- Other notable highlights in brief
- Research highlights: WithSecure™ ransomware threat update
July 2022
- Trickbot group attack Ukraine
- Brute Ratel being abused by threat actors
- Black Basta on the rise
- Ransomware: Trends and notable reports
- BlackCat under the spotlight
- Vice Society
- A closer look at LockBit 3.0
- Hive joins BlackCat in using Rust
- CISA produce alert on MedusaLocker
- HavanaCrypt, a new group with novel tactics
- Q2 statistics from Digital Shadows
-
- Other notable highlights in brief
- Threat data highlights
- Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts
August 2022
Top malware strains 2021
- Mailchimp and Twilio incidents highlight the supply chain issue
- State-backed actors target Confluence vulnerability
- Microsoft disrupt Callisto Group
Ransomware: Trends and notable reports
- ENISA’s ransomware threat landscape
- A history lesson on Ransomware
- A look at Initial Access Brokers
- Newcomers: SolidBit
Other notable highlights in brief
Research highlights: WithSecure™ ransomware threat update
September 2022
Monthly highlights
Ransomware: Trends and notable reports
- LockBit bug bounty and leaks
- Sparta ransomware
- Nations targeted by ransomware
- BianLian ransomware
- Ragnar Locker deep dive
- Technical analysis of Redeemer
- ExMatter for exfiltration and corruption
- Other notable highlights in brief
- Threat data highlights
- Monthly highlights
- Ransomware: Trends and notable reports
- LockBit bug bounty and leaks
- Sparta ransomware
- Nations targeted by ransomware
- BianLian ransomware
- Ragnar Locker deep dive
- Technical analysis of Redeemer
- ExMatter for exfiltration and corruption
- Other notable highlights in brief
- Threat data highlights
Download reportOctober 2022
Monthly highlights
- Military targets attacked
- Fortinet vulnerability under active attack
Ransomware: Trends and notable reports
- Automobile dealer group Pendragon held to $60m ransom
- “Prestige” ransomware hits Poland and Ukraine
- BlackByte abuse vulnerable drivers to bypass securit
Other notable highlights in brief
- GitHub rife with malicious code
- Two new Microsoft Exchange vulnerabilities being actively exploited
- FBI issue Iran hack-and-leak warning
- LinkedIn addresses fake profiles
- Abusing Chromium’s application mode to phish
- Healthcare sector report on commonly abused tools
- Joint report outlines top vulnerabilities exploited by China
- Zimbra vulnerability widely exploited
Threat data highlights
Detection and response highlights
November 2022
Monthly highlights
Ransomware: Trends and notable reports
- Quantum Locker targets Cloud Environments
- The Rise of Royal Ransomware
- BlackBasta linked to FIN7 Threat Actor
- US Govt issue HIVE ransomware advisory
Other notable highlights in brief
- DTrack activity targeting Europe and Latin America
- Emotet botnet operational after 5-month hiatus
- ProxyNotShell Exchange Exploits Available
- OpenSSL Vulnerability Downgraded
Threat Data highlights
Research highlights
- DUCKTAIL, continued
- Machine learning accuracy forecast
Detection and response highlights
December 2022
Monthly highlights
Ransomware: Trends and notable reports
- RansomBOGGS
- Ikea struck by Vice Society
- Guatemala hit by Onyx
- Trigona launch leak site
- Rackspace attack causes widespread issues
Other notable highlights in brief
- Twitter data breach exposed 5-400 million phone numbers
- Citrix and Fortinet patch actively exploited vulnerabilities
- Dolphin backdoor used by APT37
- InTheBox, a web-inject marketplace
- Infraguard breach
Threat Data highlights
Research highlights
- CISA’s known exploited vulnerabilities catalog
Download report
February 2022
- RUSSIA-UKRAINE CONFLICT: Related cyber activity
- SANDWORM: Using new malware Cyclops Blink
- KARAKURT: A threat actor focused on extortion
- DAXIN: A Chinese-linked espionage tool
- RANSOMWARE: Trends and Notable Reports
- Recovery of data encrypted by Hive ransomware
- Joint advisory on ransomware
- CONTI Leaks
- Other Notable Highlights in Brief
January 2022
- UKRAINE: Defacements and WhisperGate Wiper
- CISA: Russian Nation State Threats
- Log4j: A Pervasive Library Vulnerability
- SYSJOKER: New Backdoor Targets Windows, Mac and Linux
- EARTHLUSCA: Financially Motivated Chinese Threat Actor
- RANSOMWARE: Trends and Notable Reports
- REvil Associates Arrested
- Europol shutdown VPN Labservers
- Other Ransomware Group Insights
- Other Notable Highlights in Brief