SecureList

DECEMBER 20, 2024

Introduction BellaCiao is a.NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten.

Malware 129

Malware DNS Encryption Passwords 129

Security Affairs

JUNE 6, 2025

In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. By stealing credentials with Mimikatz and escalating privileges with WinPEAS, they spread malware via Group Policy Objects. ” reads the advisory. ” concludes the report.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Webroot

OCTOBER 25, 2023

Our annual analysis of the most notorious malware has arrived. As always, it covers the trends, malware groups, and tips for how to protect yourself and your organization. Their tactics have evolved significantly over the years, with ransomware now the malware of choice for cybercriminals. Who made this year’s malware list?

Malware 124

Malware Artificial Intelligence Ransomware Penetration Testing 124

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. The South Korean National Cyber Security Center published its own security advisory in 2023 against such incidents, and also published additional joint security advisories in cooperation with the UK government.

Malware 143

Malware Software Encryption Internet 143

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Security Affairs

MAY 4, 2025

“According to the indictment, from March 2021 to June 2023, Ahmed and others infected computer networks of several U.S.-based “The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. The man demanded ransom payments of $10,000 in Bitcoin from the victims.

Ransomware 115

Ransomware Encryption VPN Cryptocurrency 115

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. In November 2023, Cisco Talos researchers observed 8Base ransomware operators using a new variant of the Phobos ransomware.

Ransomware 73

Ransomware Encryption Backups Malware 73

Krebs on Security

JUNE 8, 2023

But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Campbell, Calif. They don’t need it.

Firmware 340

Firmware Malware Software Ransomware 340

Security Affairs

NOVEMBER 24, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware 64

Malware Spyware Antivirus VPN 64

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon.

VPN 124

VPN Government Malware Manufacturing 124

Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. Their campaigns involve multi-phase intrusions, initial access, privilege escalation, and data exfiltration, using modular malware, LOTL techniques, and evasive C2 infrastructure.

Encryption 103

Encryption Ransomware Malware Phishing 103

Security Affairs

DECEMBER 26, 2024

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. TheMiraivariant incorporates ChaCha20 and XOR decryption algorithms.

Manufacturing 90

Manufacturing Malware Firmware IoT 90

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook.

Hacking 118

Hacking Healthcare Backups Ransomware 118

SecureWorld News

JUNE 9, 2025

Global data reveals that cyberattacks rose by 131% between 2022 and 2023 across the aviation industry, with a 74 percent increase since 2020, underscoring the profundity of this threat. In the first half of 2023 alone, aviation cyberattacks surged by 24% worldwide, fueling disruptions from flight-planning systems to passenger services.

Cybersecurity 118

Cybersecurity Social Engineering Computers and Electronics Risk 118

Malwarebytes

DECEMBER 2, 2024

In 2023, ThreatDown discovered that, unlike other ransomware gangs that demanded up to $1 million or more from each victim , Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300. Prevent intrusions and stop malicious encryption. Create offsite, offline backups. Don’t get attacked twice.

Ransomware 136

Ransomware Backups Small Business Malware 136

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware 94

Malware Software Encryption Hacking 94

Security Affairs

APRIL 13, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130

Security Affairs

MARCH 12, 2025

Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. Since early 2025, Cato CTRL has tracked the Ballista botnet targeting TP-Link Archer routers via CVE-2023-1389.

IoT 74

IoT Malware Encryption DDOS 74

Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both. READ THE REPORT

Ransomware 134

Ransomware Cybercrime Malware Social Engineering 134

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 119

Data breaches Cybercrime Cyber Insurance Marketing 119

SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May.

Malware 139

Malware Ransomware Encryption Energy and Utilities 139

Security Affairs

NOVEMBER 17, 2024

that reboots locked devices Ymir ransomware, a new stealthy ransomware grow in the wild Amazon discloses employee data breach after May 2023 MOVEit attacks A new fileless variant of Remcos RAT observed in the wild A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine U.S.

Cryptocurrency 112

Cryptocurrency Malware Hacking Data breaches 112

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 135

Data breaches Ransomware Manufacturing Encryption 135

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. We created a private report about this after an article claimed that the malware was used in the geopolitical conflict. Meanwhile, the malware itself evolved, adding an LDAP-based self-spreading mechanism.

Ransomware 139

Ransomware Malware Architecture Telecommunications 139

Security Affairs

JANUARY 1, 2024

In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake.

Malware 145

Malware Penetration Testing Passwords Encryption 145

Malwarebytes

JANUARY 2, 2024

The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware. Stop malicious encryption. Detect intrusions.

Encryption 126

Encryption Ransomware Backups Malware 126

SecureList

MARCH 20, 2024

Introduction Malware for mobile devices is something we come across very often. In 2023 , our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation , targeting iOS, but that was rather a unique case.

Malware 130

Malware Mobile Firmware Spyware 130

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. Stop malicious encryption. Detect intrusions.

Ransomware 142

Ransomware Social Engineering Backups Engineering 142

SecureList

APRIL 27, 2023

This is our latest installment, focusing on activities that we observed during Q1 2023. Further analysis revealed that the malware is signed with valid certificates and appears to have a connection to the threat actor Winnti, a connection established through several overlaps such as shared infrastructure, code signing and victimology.

Energy and Utilities 145

Energy and Utilities Malware Government Manufacturing 145

Malwarebytes

SEPTEMBER 12, 2023

Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. Stop malicious encryption.

Ransomware 133

Ransomware Backups Data breaches Malware 133

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

SecureList

SEPTEMBER 21, 2023

The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Tested, tried.

IoT 137

IoT DDOS Passwords Malware 137

Malwarebytes

NOVEMBER 15, 2023

Formed around 2016 to defend Ukraine’s cyberspace against Russian interference, the UCA used a public exploit for CVE-2023-22515 to gain access to Trigona infrastructure. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Stop malicious encryption. Detect intrusions.

Ransomware 131

Ransomware Education Backups Cyber Insurance 131

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform.

Malware 118

Malware Government Software Spyware 118

Malwarebytes

DECEMBER 13, 2023

In November there were 457 total ransomware victims, making it the most active month for ransomware gangs in 2023 so far besides May. The top stories of the month include ALPHV’s shutdown, an increased focus on the healthcare sector, and high-profile attacks on Toyota, Boeing, and more using a Citrix Bleed vulnerability (CVE-2023-4966).

Ransomware 125

Ransomware Healthcare Encryption Backups 125

SecureList

DECEMBER 1, 2023

Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 76,551 unique users. 2 Turkmenistan 3.5 3 China 2.4 4 Tajikistan 2.1

Mobile 121

Mobile Ransomware Malware Adware 121

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware.

Software 124

Software Cryptocurrency Malware DNS 124