Monthly Threat Highlights Report
Insights from the cyber threat landscape - Courtesy of WithSecure Intelligence.
December 2022
Monthly highlights
Ransomware: Trends and notable reports
- RansomBOGGS
- Ikea struck by Vice Society
- Guatemala hit by Onyx
- Trigona launch leak site
- Rackspace attack causes widespread issues
Other notable highlights in brief
- Twitter data breach exposed 5-400 million phone numbers
- Citrix and Fortinet patch actively exploited vulnerabilities
- Dolphin backdoor used by APT37
- InTheBox, a web-inject marketplace
- Infraguard breach
Threat Data highlights
Research highlights
- CISA’s known exploited vulnerabilities catalog
Download report
November 2022
Monthly highlights
Ransomware: Trends and notable reports
- Quantum Locker targets Cloud Environments
- The Rise of Royal Ransomware
- BlackBasta linked to FIN7 Threat Actor
- US Govt issue HIVE ransomware advisory
Other notable highlights in brief
- DTrack activity targeting Europe and Latin America
- Emotet botnet operational after 5-month hiatus
- ProxyNotShell Exchange Exploits Available
- OpenSSL Vulnerability Downgraded
Threat Data highlights
Research highlights
- DUCKTAIL, continued
- Machine learning accuracy forecast
Detection and response highlights
October 2022
Monthly highlights
- Military targets attacked
- Fortinet vulnerability under active attack
Ransomware: Trends and notable reports
- Automobile dealer group Pendragon held to $60m ransom
- “Prestige” ransomware hits Poland and Ukraine
- BlackByte abuse vulnerable drivers to bypass security
Other notable highlights in brief
- GitHub rife with malicious code
- Two new Microsoft Exchange vulnerabilities being actively exploited
- FBI issue Iran hack-and-leak warning
- LinkedIn addresses fake profiles
- Abusing Chromium’s application mode to phish
- Healthcare sector report on commonly abused tools
- Joint report outlines top vulnerabilities exploited by China
- Zimbra vulnerability widely exploited
Threat data highlights
Detection and response highlights
September 2022
Monthly highlights
Ransomware: Trends and notable reports
- LockBit bug bounty and leaks
- Sparta ransomware
- Nations targeted by ransomware
- BianLian ransomware
- Ragnar Locker deep dive
- Technical analysis of Redeemer
- ExMatter for exfiltration and corruption
Other notable highlights in brief
Threat data highlights
Download report
August 2022
- Top malware strains 2021
- Mailchimp and Twilio incidents highlight the supply chain issue
- State-backed actors target Confluence vulnerability
- Microsoft disrupt Callisto Group
Ransomware: Trends and notable reports
- ENISA’s ransomware threat landscape
- A history lesson on Ransomware
- A look at Initial Access Brokers
- Newcomers: SolidBit
Other notable highlights in brief
Research highlights: WithSecure™ ransomware threat update
July 2022
- Trickbot group attack Ukraine
- Brute Ratel being abused by threat actors
- Black Basta on the rise
- Ransomware: Trends and notable reports
- BlackCat under the spotlight
- Vice Society
- A closer look at LockBit 3.0
- Hive joins BlackCat in using Rust
- CISA produce alert on MedusaLocker
- HavanaCrypt, a new group with novel tactics
- Q2 statistics from Digital Shadows
- Other notable highlights in brief
- Threat data highlights
- Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts
June 2022
- Follina, an exploited vulnerability in MSDT
- Emotet back at full power
- State-backed actors target Confluence vulnerability
- Law enforcement takes down Flubot
- Ransomware: Trends and notable reports
- A look at the ransomware ecosystem
- LockBit is updated to 3.0
- An advisory on Karakurt
- “Ransomware” targeting Elasticsearch
- The costs of ransomware to businesses
- Other notable highlights in brief
- Research highlights: WithSecure™ ransomware threat update
May 2022
- Advisory on initial access techniques
- Emotet back at full power
- BPFDoor, an insidious backdoor
- Ransomware: Trends and notable reports
- Is this the end of Conti?
- Iran is carrying out ransomware attacks
- Operator of Thanos builder charged
- The return of REvil?
- Other notable highlights in brief
April 2022
- CNI targeted with ICS malware
- MFA Fatigue: A new attack technique
- The disruption of ZLoader
- A breakdown of ContiLeaks
- RANSOMWARE: Trends and Notable Reports
- A look at Blackcat/ALPHV
- Russia in the crosshairs
- Quantum: a 4-hour attack
- LockBit strike Rio de Janeiro finance department
- BlackByte breakdown
- Nokoyawa, a Nemty strain
- Other Notable Highlights in Brief
March 2022
- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports
- RURansom targets Russia
- Advisory on AvosLocker
- HermeticRansom can be decrypted
- Sophos collates their ransomware research
- An analysis of LockBit 2.0
- Estonian imprisoned for connection with ransomware and cybercrime
- Other Notable Highlights in Brief
February 2022
- RUSSIA-UKRAINE CONFLICT: Related cyber activity
- SANDWORM: Using new malware Cyclops Blink
- KARAKURT: A threat actor focused on extortion
- DAXIN: A Chinese-linked espionage tool
- RANSOMWARE: Trends and Notable Reports
- Recovery of data encrypted by Hive ransomware
- Joint advisory on ransomware
- CONTI Leaks
- Other Notable Highlights in Brief
January 2022
- UKRAINE: Defacements and WhisperGate Wiper
- CISA: Russian Nation State Threats
- Log4j: A Pervasive Library Vulnerability
- SYSJOKER: New Backdoor Targets Windows, Mac and Linux
- EARTHLUSCA: Financially Motivated Chinese Threat Actor
- RANSOMWARE: Trends and Notable Reports
- REvil Associates Arrested
- Europol shut down VPNLab servers
- Other Ransomware Group Insights
- Other Notable Highlights in Brief
November 2021
- IRANIAN ACTORS: Evolving Trends
- DEV-0322: ManageEngine Exploitation
- RANSOMWARE: Trends and Notable Reports
- Targeting Victims of Significant Financial Events
- US Law Enforcement and Sanctions
- TA505 Exploiting Serv-U Vulnerability
- Other Ransomware Group Insights
- Other Notable Highlights in Brief
October 2021
- MYSTERYSNAIL: Exploits Windows Zero Day
- ESPECTER: A Real World UEFI Bootkit
- RANSOMWARE: Trends and Notable Reports
- US Treasury Financial Trends Report
- VirusTotal Global Ransomware Context Report
- BlackMatter Ransomware
- Ransomware
- Tradecraft Evolutions
September 2021
- FAMOUSSPARROW: New APT targeting international hotels
- OMIGOD VULNERABILITIES: Exploitation in Microsoft’s Open Management Infrastructure (OMI)
- CONFLUENZA: Critical OGNL injection vulnerability being exploited
- RANSOMWARE HIGHLIGHTS: BlackMatter, US government sanctions against cryptocurrency exchange, CISA advisory on CONTI ransomware
Download report
August 2021
- SHADOWPAD: A modular malware platform of Chinese origin
- RANSOMWARE: LockBit 2.0, vulnerability exploitation and a disgruntled affiliate
- INKYSQUID: Web browser exploits used to infect victims
Download report
February 2021
- Silver Sparrow, a macOS malware compiled for Apple’s new M1 ARM64 chip architecture, was identified infecting a large number of endpoints
- ANSSI disclosed a three-year campaign by the Sandworm threat actor targeting the IT monitoring software company Centreon
- A water treatment facility was compromised in the US and chemical levels in the water were altered after an actor gained access via TeamViewer
- CISA reported on activity by an APT group linked to the DPRK targeting organizations in the cryptocurrency vertical
- Multiple vulnerabilities in Accellion’s File Transfer Appliance (FTA) exploited for data theft and extortion of victims
- Operation NightScout: A supply chain compromise of gamers in Asia through BigNox’s NoxPlayer delivers surveillance-related malware
- Lazarus group targeting the defense industry with spearphishing and the ThreatNeedle malware cluster to steal sensitive data
Download report