Monthly threat highlights report

Insights from the cyber threat landscape, courtesy of WithSecure™ Countercept's own Threat Intelligence team.

Latest highlights

March 2023

Monthly highlights

Ransomware: Trends and notable reports

  • CISA's pre-ransomware notification initiative
  • Dole attack shows real world impact
  • Rise of Royal
  • Nevada is Nokoyawa
  • Magniber’s SmartScreen bypass
  • Ransomware newcomers

Other notable highlights in brief

  • Best practices in cyber
  • Hydrochasma gathering intelligence
  • I2PMiner targeting macOS
  • Lumma Stealer targets content creators
  • T-Mobile constantly targeted by SIM-swappers
  • Android banking trojan tracker
  • Breach Forums down!
  • Ultrasonic attacks

Threat data highlights

Detection and response highlights

Download report

February 2023

Monthly highlights

Ransomware: Trends and notable reports

  • ESXiArgs
  • The end of Hive???
  • Alphv attack on Munster Technological University
  • The $10k ransomware manual
  • TV provider Dish experience ransomware attack
  • Newcomers: Nevada
  • Newcomers: Mimic

Other notable highlights in brief

  • GoAnywhere exploitation
  • Zoho ManageEngine exploitation
  • KeePass problems
  • QR code phishing
  • Sh1mmer exploit can unenroll managed Chromebooks
  • IceBreaker target gaming/gambling companies

Threat data highlights

Research highlights

Download report

January 2023

Monthly highlights

  • GoTo (LogMeIn) breach
  • The rise of Emotet (again)
  • SEO poisoning at an all-time high
  • Mac malware of 2022

Ransomware: Trends and notable reports

  • Royal Mail hit by LockBit... affiliate
  • A history of LockBit
  • BianLian decryptor and shift to I2P
  • Newcomers: CatB
  • An interview with Mallox

Other notable highlights in brief

  • Nordic common cybersecurity strategy
  • Cellebrite & MSAB XRY data leaked
  • OWASSRF, a technical write-up
  • Breach of Slack
  • Poland warns of Russian cyber attacks
  • Denmark struck by Russian hacktivist DDoS
  • Freejacking
  • SugarCRM actively exploited
  • Kela report on cybercrime in 2022

Threat data highlights

 

Download report

Previous reports

2022

March 2022

- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports

  • RURansom targets Russia
  • Advisory on AvosLocker
  • HermeticRansom can be decrypted
  • Sophos collates their ransomware research
  • An analysis of LockBit 2.0
  • Estonian imprisoned for connection with ransomware and cybercrime

- Other Notable Highlights in Brief

    Download report

    April 2022

    - CNI targeted with ICS malware
    - MFA Fatigue: A new attack technique
    - The disruption of ZLoader
    - A breakdown of ContiLeaks
    - RANSOMWARE: Trends and Notable Reports

  • A look at Blackcat/ALPHV
  • Russia in the crosshairs
  • Quantum: a 4-hour attack
  • LockBit strike Rio de Janeiro finance department
  • BlackByte breakdown
  • Nokoyawa, a Nemty strain

    - Other Notable Highlights in Brief

    Download report

    May 2022

    - Advisory on initial access techniques
    - Emotet back at full power
    - BPFDoor, an insidious backdoor
    - Ransomware: Trends and notable reports:

  • Is this the end of Conti?
  • Iran is carrying out ransomware attacks
  • Operator of Thanos builder charged
  • The return of REvil?

    - Other notable highlights in brief

    Download report

    June 2022

    - Follina, an exploited vulnerability in MSDT
    - Emotet back at full power
    - State-backed actors target Confluence vulnerability
    - Law enforcement takes down Flubot
    - Ransomware: Trends and notable reports

  • A look at the ransomware ecosystem
  • LockBit is updated to 3.0
  • An advisory on Karakurt
  • “Ransomware” targeting Elasticsearch
  • The costs of ransomware to businesses

    - Other notable highlights in brief
    - Research highlights: WithSecure™ ransomware threat update

     

    Download report

    July 2022

    - Trickbot group attack Ukraine
    - Brute Ratel being abused by threat actors
    - Black Basta on the rise
    - Ransomware: Trends and notable reports

  • BlackCat under the spotlight
  • Vice Society
  • A closer look at LockBit 3.0
  • Hive joins BlackCat in using Rust
  • CISA produce alert on MedusaLocker
  • HavanaCrypt, a new group with novel tactics
  • Q2 statistics from Digital Shadows

    - Other notable highlights in brief

    - Threat data highlights
    - Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts

    Download report

    August 2022

    Top malware strains 2021

    • Mailchimp and Twilio incidents highlight the supply chain issue
    • State-backed actors target Confluence vulnerability
    • Microsoft disrupt Callisto Group

    Ransomware: Trends and notable reports

    • ENISA’s ransomware threat landscape
    • A history lesson on Ransomware
    • A look at Initial Access Brokers
    • Newcomers: SolidBit

    Other notable highlights in brief
    Research highlights: WithSecure™ ransomware threat update

    Download report

    September 2022

    Monthly highlights
    Ransomware: Trends and notable reports

    • LockBit bug bounty and leaks
    • Sparta ransomware
    • Nations targeted by ransomware
    • BianLian ransomware
    • Ragnar Locker deep dive
    • Technical analysis of Redeemer
    • ExMatter for exfiltration and corruption

    - Other notable highlights in brief

    - Threat data highlights 

    Download report

    October 2022

    Monthly highlights

    • Military targets attacked
    • Fortinet vulnerability under active attack

    Ransomware: Trends and notable reports

    • Automobile dealer group Pendragon held to $60m ransom
    • “Prestige” ransomware hits Poland and Ukraine
    • BlackByte abuse vulnerable drivers to bypass securit

    Other notable highlights in brief

    • GitHub rife with malicious code
    • Two new Microsoft Exchange vulnerabilities being actively exploited
    • FBI issue Iran hack-and-leak warning
    • LinkedIn addresses fake profiles
    • Abusing Chromium’s application mode to phish
    • Healthcare sector report on commonly abused tools
    • Joint report outlines top vulnerabilities exploited by China
    • Zimbra vulnerability widely exploited

    Threat data highlights

    Detection and response highlights

    Download report

    November 2022

    Monthly highlights

    Ransomware: Trends and notable reports

    • Quantum Locker targets Cloud Environments
    • The Rise of Royal Ransomware
    • BlackBasta linked to FIN7 Threat Actor
    • US Govt issue HIVE ransomware advisory

    Other notable highlights in brief

    • DTrack activity targeting Europe and Latin America
    • Emotet botnet operational after 5-month hiatus
    • ProxyNotShell Exchange Exploits Available
    • OpenSSL Vulnerability Downgraded

    Threat Data highlights

    Research highlights

    • DUCKTAIL, continued
    • Machine learning accuracy forecast

    Detection and response highlights

    Download report

    December 2022

    Monthly highlights

    Ransomware: Trends and notable reports

    • RansomBOGGS
    • Ikea struck by Vice Society
    • Guatemala hit by Onyx
    • Trigona launch leak site
    • Rackspace attack causes widespread issues

    Other notable highlights in brief

    • Twitter data breach exposed 5-400 million phone numbers
    • Citrix and Fortinet patch actively exploited vulnerabilities
    • Dolphin backdoor used by APT37
    • InTheBox, a web-inject marketplace
    • InfraGard breach

    Threat Data highlights

    Research highlights

    • CISA’s known exploited vulnerabilities catalog

     

    Download report

    February 2022

    - RUSSIA-UKRAINE CONFLICT: Related cyber activity
    - SANDWORM: Using new malware Cyclops Blink
    - KARAKURT: A threat actor focused on extortion
    - DAXIN: A Chinese-linked espionage tool
    - RANSOMWARE: Trends and Notable Reports

  • Recovery of data encrypted by Hive ransomware
  • Joint advisory on ransomware
  • CONTI Leaks

    - Other Notable Highlights in Brief

    Download report

    January 2022

    - UKRAINE: Defacements and WhisperGate Wiper
    - CISA: Russian Nation State Threats
    - Log4j: A Pervasive Library Vulnerability
    - SYSJOKER: New Backdoor Targets Windows, Mac and Linux
    - EARTHLUSCA: Financially Motivated Chinese Threat Actor
    - RANSOMWARE: Trends and Notable Reports

  • REvil Associates Arrested
  • Europol shutdown VPNLab servers
  • Other Ransomware Group Insights

    - Other Notable Highlights in Brief

    Download report