Date: 2024-11-22

As The World Turns

Black Basta Cooking Up New Methodology. On August 1, 2024, security researchers revealed that Black Basta has developed custom malware and now relies on access brokers as its initial means of access. Previously, Black Basta relied on phishing techniques using Qakbot, but Operation Duck Hunt largely put an end to Qakbot.

Magniber Group Magnifying Operations. On August 4, 2024, security researchers reported an uptick in activity from the Magniber ransomware group. The attacks focus on home users and rely on zero-day exploits and fraudulent Windows and browser updates.

Hitting Them While They're Down. On August 28, 2024, CISA, the FBI and the DoD's Cyber Crime Center issued a joint advisory warning of Pioneer Kitten, an Iranian APT Group that is working with other ransomware gangs by selling them credentials from breached organizations.

Where's Harry Potter When You Need Him? On August 29, 2024, researchers detected the Voldemort malware campaign that impersonates tax authorities from various countries.

Consider This

EPA Should Consider Protecting Its (Network) Environment. On August 1, 2024, the Government Accountability Office released a report stating that the EPA urgently needs to improve its cybersecurity posture to address risks to water and wastewater systems.

IRS Leads to Cold Takedown of Cryptonator. On August 1, 2024, a joint investigation including the IRS-Criminal Investigation, US DOJ, and FBI seized Cryptonator, an online crypto wallet, for failing to implement appropriate anti-money laundering controls and facilitating illicit conduct.

DMARC Misses the Mark. On August 6, 2024, researchers explained that between December 2023 and July 2024, nearly 18 million phishing emails were detected. "Of the 17.8 million phishing emails detected, 62% bypassed DMARC checks and 56% evaded all existing security layers."

Another One Bites the Dust. On August 12, 2024, the FBI seized the Radar/Dispossessor ransomware operation, which is believed to have ties to LockBit.

MFA on the Way. On August 15, 2024, Microsoft announced that starting in October, Microsoft will begin enforcing mandatory multifactor authentication for signing into its Azure cloud systems.

Olympic News: U.S. Takes First. On August 20, 2024, Malwarebytes released its "ThreatDown 2024 State of Ransomware" report. That report revealed that 60% of all ransomware attacks on education, and 71% of all attacks on healthcare, occur in the U.S.

PWA Makes Bank Credentials Go Away. On August 21, 2024, security researchers warned of a new phishing campaign targeting iOS and Android users that uses Progressive Web Applications (PWAs) to mimic legitimate banking applications. Users input banking credentials into the PWA, allowing the criminal to obtain the credentials and bypass MFA.

A New Hub for Ransomware. On August 29, 2024, the FBI issued a joint advisory about the RansomHub ransomware-as-a-service operation that has attacked over 200 victims since February.

New Kids on the Block

Gimme a Break – CryptoKat Ransomware Discovered. On August 6, 2024, security researchers disclosed that CryptoKat ransomware, with state-of-the-art encryption, is making waves on the dark web.

Doubleface Shows Its Face on Darkweb. On August 6, 2024, Doubleface ransomware creators announced this new variant, claiming it evades detection from antivirus software.

Rapid Ransomware Radar Reports More Ransomware Groups on Its Radar. On August 6, 2024, Rapid7 released a report identifying 21 new ransomware groups within the first six months of this year.

Do Clothes Make the Group? On August 7, 2024, CISA and the FBI issued a joint advisory noting that the Royal Ransomware Group has rebranded as "BlackSuit."

New RaaS Takes Hold. On August 12, 2024, researchers disclosed that a new ransomware-as-a-service, DeathGrip, is being offered to threat actors through underground forums.

