Emotet, one of the first Malware-as-a-Service (MaaS), an ever-evolving botnet and banking trojan active since 2014, recently added new techniques to its arsenal. Initially intended to extract sensitive banking information from a victim’s computer and operate using other malware trojans, this notorious malware continues evolving by implementing new techniques in the malware delivery stage. This document is an update to the technical report on Emotet from December 2021.

Over the past month a new ransomware group, named Black Basta, has emerged and has quickly gained popularity. As 29 victims have already been added to Black Basta’s victim list, the group is drawing the attention of security researchers and hunters in the cybersecurity community worldwide. In the era of post-ContiLeaks ransomware groups are looking to utilize and base their product on the fairly successful Conti code.

As new ransomware groups emerge by the day, most of them operate the same business model and same techniques. And as we all know, one of the main techniques of ransomware groups is to encrypt valuable assets belonging to the victim. Over the past weeks, a new and slightly odd ransomware group has emerged named RansomHouse. At glance, it looks like any other ransomware group, but claims to be something other than what we are used to seeing.

In recent weeks, Cyberint has been monitoring a new marketplace that appeared in the TOR network, an insiders network called Industrial Spy. This new platform was established in around mid-March this year and is currently being promoted on known Darknet forums and Telegram channels. The platform’s main goal is to become the ultimate repository containing victims’ data, which is mainly gathered by threat actors and insiders.

Info Stealers are one of the most popular malware types being used in the wild today.

One thing that we’ve learned from the Russia-Ukraine conflict is that the cybersecurity and the cyber-warfare world is going to change, if it hasn’t already. While Anonymous, the TI Army of Ukraine, and more hacktivist groups are actively participating in the conflict, a relatively new group brings something new to the table.

The first quarter of 2022 will be remembered as one of the most interesting quarters of the past years. A historical war changed cyber warfare rules entirely, New lethal groups made their debuts, causing major damage. Conti Group Leaks and Lockbit2.0 taking over provided us with many insights and paved the way to a new era.

A new vulnerability was found in the Spring Core module of the Spring Framework. This was discovered by a Chinese security researcher, posting a Proof-of-Concept (POC) on GitHub (Figure 1), which later was deleted. This vulnerability is a zero-day, which currently wasn’t assigned a CVE, and was dubbed by security researchers as “Spring4Shell” or “SpringShell”, after the recent vulnerability in the Log4j Java package, discovered last December, and made waves worldwide.

The rise in cybercrime has accelerated 600% over the last three years, and shows no signs of slowing down. Even though the pandemic accelerated online services, data, and particularly vulnerable home networks, the truth is that cybercriminals are caught only 0.03 percent of the time. That rate, combined with the fact that the average cost of a data breach stands at $3.86 million makes for an attractive calculation for cybercriminals.

2022 saw several significant and historical cases in the ransomware industry, new players were introduced and some already have caused major damage to top-of-the-line organizations around the world. Although LAPSUS$ commenced its operations in December 2021, they have made its greatest impact in 2022, compromising major organizations such as NVIDIA, Vodafone, Samsung Microsoft, LG and Okta.