Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New tools appear in ongoing social engineering campaign, Mad Liberator ransomware targets AnyDesk users, and Bitdefender explores the evolving cybercriminal underground.

Look closer before clicking that link at the top of your search results.

In Q2 2024, the Kroll Cyber Threat Intelligence (CTI) Team observed an increase in activity around a new ransomware group named FOG. FOG was initially observed in May 2024, and since then has been heavily targeting higher educational institutions in the U.S. by exploiting compromised VPN credentials. Kroll's review of a recent FOG binary (1.exe) found no exfiltration or persistence mechanisms directly integrated.

Recently, a widespread cloud extortion operation—affecting 110,000 domains and involving significant financial demands—was uncovered. Unit 42, the cybersecurity research division of Palo Alto Networks, released a report this month detailing how threat actors exploited misconfigured.env files to gain unauthorized access, steal sensitive data, and demand ransoms after deleting cloud assets.

According to Gartner, by 2028, 75% of enterprises will prioritize backup of SaaS applications as a critical requirement, compared with 15% in 2024. Many of the largest organizations in the world rely on Salesforce as their CRM app that powers their business operations, helping them drive revenue faster.

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal. It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

In the dynamic world of cyber threats, the X-FILES stealer has emerged as a particularly dangerous and sophisticated piece of malware. First discovered in March 2021, this malware gained significant attention after a second variant surfaced later that year. Known for its efficiency in targeting vulnerable systems globally, X-FILES has become a top priority for cybersecurity professionals.

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics. According to Coveware’s Q2 2024 Ransomware Quarterly Report, we see a few interesting trends: A new data point brought to light this quarter is the data exfiltration only (DXF) payment trend, which is relatively flat despite fluctuating between 53% in Q1 of 2022 when tracking began, down to a low of 23% in Q1 of this year.