With November demonstrating multiple increases when compared to various previous time periods, new data signals that we may be in for a bumpy ride in 2024. It’s nice when we get to see reports that are published relatively quickly to let us get a sense of where cyberattacks are today versus, say, a quarter or two ago (or even last year!). The NCCGroup’s Cyber Threat Intelligence Report was just published and covers ransomware attacks through November of this year.

ESO Solutions is a primary software developer and analytics platform for emergency and associated services; its programs connect emergency response agencies, fire departments, hospitals, and state response offices. ESO collects and disperses data between the services, giving responders the most complete information.

According to CISA, since the latter part of 2021, the perpetrators behind Snatch Ransomware have persistently adapted their strategies, capitalizing on prevailing tendencies and the operational successes of other ransomware variants within the cybercrime arena. Snatch has cast a wide net, targeting numerous sectors critical to infrastructure, including but not limited to the Defense, Industry, Food and Agriculture, and Information Technology sectors.

So, here’s the deal with AntiVirus software these days: It’s mostly playing catch-up with super-fast athletes — the malware guys. Traditional AV software is like old-school detectives who need a picture (or, in this case, a ‘signature’) of the bad guys to know who they’re chasing. The trouble is, these malware creators are quite sneaky — constantly changing their look and creating new disguises faster than AntiVirus can keep up with their photos.

TA4557 targets recruiters via email, threat actors use OAuth apps to automate BEC and cryptomining attacks, and researchers discover Sandman APT’s connection to the China-based KEYPLUG backdoor.

As the most downloaded app in the world right now, the number of TEMU impersonation emails has increased by 112% since October 1st, 2023. As discounts and spending-based reward coupons form a substantial part of TEMU’s awareness campaigns, the company is reportedly spending $2bn annually on marketing. As the brand continues to grow in popularity, cybercriminals are increasingly leveraging it to lend authenticity to their spoofing attempts.

Threat actors often employ stealthy attack techniques to elude detection and stay under the defender’s radar. One way they do so is by using uncommon programming languages to develop malware. Using an uncommon programming language to develop malware provides several benefits, including: Netskope recently analyzed a malicious backdoor written in Nim, which is a relatively new programming language.

This new attack is pretty simple to spot on the front, but should it be successful in launching its’ malicious code, it’s going to take its’ victims for everything of value they have on their computer. The new Mr. Anon infostealer captures much more than just browser caches and passwords. It also uses basic social engineering tactics that prove to be effective enough to make attacks successful.

SecurityScorecard is analyzing a phishing campaign that deployed the Menorah malware, which is taking aim at users in the Middle East. This sophisticated campaign is being mounted by the threat actor group tracked as APT34, which is linked to Iran. This group is known for its focus on collecting sensitive intelligence and taking on high-profile targets across the Middle East including critical infrastructure and telecommunications entities.

The TargetCompany ransomware group, first identified in June 2021, garnered its name due to its distinctive practice of appending the names of the targeted organizations to encrypted files. Over time, the group has exhibited a dynamic evolution, frequently changing encryption algorithms, decryptor characteristics, and file name extensions.