Monthly Threat Highlights Report

Insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.

Latest highlights

December 2022

Monthly highlights

Ransomware: Trends and notable reports

  • RansomBOGGS
  • Ikea struck by Vice Society
  • Guatemala hit by Onyx
  • Trigona launch leak site
  • Rackspace attack causes widespread issues

Other notable highlights in brief

  • Twitter data breach exposed 5-400 million phone numbers
  • Citrix and Fortinet patch actively exploited vulnerabilities
  • Dolphin backdoor used by APT37
  • InTheBox, a web-inject marketplace
  • InfraGard breach

Threat Data highlights

Research highlights

  • CISA’s known exploited vulnerabilities catalog


Download report

November 2022

Monthly highlights

Ransomware: Trends and notable reports

  • Quantum Locker targets Cloud Environments
  • The Rise of Royal Ransomware
  • BlackBasta linked to FIN7 Threat Actor
  • US Govt issue HIVE ransomware advisory

Other notable highlights in brief

  • DTrack activity targeting Europe and Latin America
  • Emotet botnet operational after 5-month hiatus
  • ProxyNotShell Exchange Exploits Available
  • OpenSSL Vulnerability Downgraded

Threat Data highlights

Research highlights

  • DUCKTAIL, continued
  • Machine learning accuracy forecast

Detection and response highlights

Download report

October 2022

Monthly highlights

  • Military targets attacked
  • Fortinet vulnerability under active attack

Ransomware: Trends and notable reports

  • Automobile dealer group Pendragon held to $60m ransom
  • “Prestige” ransomware hits Poland and Ukraine
  • BlackByte abuse vulnerable drivers to bypass security

Other notable highlights in brief

  • GitHub rife with malicious code
  • Two new Microsoft Exchange vulnerabilities being actively exploited
  • FBI issue Iran hack-and-leak warning
  • LinkedIn addresses fake profiles
  • Abusing Chromium’s application mode to phish
  • Healthcare sector report on commonly abused tools
  • Joint report outlines top vulnerabilities exploited by China
  • Zimbra vulnerability widely exploited

Threat data highlights

Detection and response highlights

Download report

September 2022

Monthly highlights

Ransomware: Trends and notable reports

  • LockBit bug bounty and leaks
  • Sparta ransomware
  • Nations targeted by ransomware
  • BianLian ransomware
  • Ragnar Locker deep dive
  • Technical analysis of Redeemer
  • ExMatter for exfiltration and corruption

Other notable highlights in brief

Threat data highlights

Download report

August 2022

Top malware strains 2021

  • Mailchimp and Twilio incidents highlight the supply chain issue
  • State-backed actors target Confluence vulnerability
  • Microsoft disrupt Callisto Group

Ransomware: Trends and notable reports

  • ENISA’s ransomware threat landscape
  • A history lesson on Ransomware
  • A look at Initial Access Brokers
  • Newcomers: SolidBit

Other notable highlights in brief

Research highlights: WithSecure™ ransomware threat update

Download report

July 2022

  • Trickbot group attack Ukraine
  • Brute Ratel being abused by threat actors
  • Black Basta on the rise

Ransomware: Trends and notable reports

  • BlackCat under the spotlight
  • Vice Society
  • A closer look at LockBit 3.0
  • Hive joins BlackCat in using Rust
  • CISA produce alert on MedusaLocker
  • HavanaCrypt, a new group with novel tactics
  • Q2 statistics from Digital Shadows

Other notable highlights in brief

Threat data highlights

Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts

Download report

June 2022

  • Follina, an exploited vulnerability in MSDT
  • Emotet back at full power
  • State-backed actors target Confluence vulnerability
  • Law enforcement takes down Flubot

Ransomware: Trends and notable reports

  • A look at the ransomware ecosystem
  • LockBit is updated to 3.0
  • An advisory on Karakurt
  • “Ransomware” targeting Elasticsearch
  • The costs of ransomware to businesses

Other notable highlights in brief

Research highlights: WithSecure™ ransomware threat update

Download report

May 2022

  • Advisory on initial access techniques
  • Emotet back at full power
  • BPFDoor, an insidious backdoor

Ransomware: Trends and notable reports

  • Is this the end of Conti?
  • Iran is carrying out ransomware attacks
  • Operator of Thanos builder charged
  • The return of REvil?

Other notable highlights in brief

Download report

April 2022

  • CNI targeted with ICS malware
  • MFA Fatigue: A new attack technique
  • The disruption of ZLoader
  • A breakdown of ContiLeaks

Ransomware: Trends and notable reports

  • A look at BlackCat/ALPHV
  • Russia in the crosshairs
  • Quantum: a 4-hour attack
  • LockBit strike Rio de Janeiro finance department
  • BlackByte breakdown
  • Nokoyawa, a Nemty strain

Other notable highlights in brief

Download report

March 2022

  • Okta LAPSUS$ compromise
  • Heightened awareness of Russian threat activity
  • Chinese-backed actor APT41 attacks US government
  • Initial access broker for Conti uses complex social engineering

Ransomware: Trends and notable reports

  • RURansom targets Russia
  • Advisory on AvosLocker
  • HermeticRansom can be decrypted
  • Sophos collates their ransomware research
  • An analysis of LockBit 2.0
  • Estonian imprisoned for connection with ransomware and cybercrime

Other notable highlights in brief

Download report

Previous reports

2022

February 2022

  • RUSSIA-UKRAINE CONFLICT: Related cyber activity
  • SANDWORM: Using new malware Cyclops Blink
  • KARAKURT: A threat actor focused on extortion
  • DAXIN: A Chinese-linked espionage tool

Ransomware: Trends and notable reports

  • Recovery of data encrypted by Hive ransomware
  • Joint advisory on ransomware
  • CONTI leaks

Other notable highlights in brief

Download report

January 2022

  • UKRAINE: Defacements and WhisperGate wiper
  • CISA: Russian nation state threats
  • Log4j: A pervasive library vulnerability
  • SYSJOKER: New backdoor targets Windows, Mac and Linux
  • EARTH LUSCA: Financially motivated Chinese threat actor

Ransomware: Trends and notable reports

  • REvil associates arrested
  • Europol shut down VPNLab servers
  • Other ransomware group insights

Other notable highlights in brief

Download report

2021