Malware Activity
Cyber Threats and Resilience in the Face of Massive DDoS Attacks
Recent cybersecurity developments highlight both the escalating scale of cyberattacks and the evolving sophistication of malware. DDoS-Guard, a leading provider of DDoS mitigation services, successfully defended against a record-breaking attack peaking at 15 billion packets per second, underscoring the increasing intensity of volumetric assaults aimed at destabilizing critical infrastructure. The incident reflects a broader trend in which state-sponsored and criminal actors deploy massive DDoS campaigns to disrupt operations and exert pressure on targets. In parallel, researchers have uncovered new malware strains: CHILLYHELL, a modular backdoor targeting macOS with advanced persistence and evasion tactics, and ZynorRAT, a versatile remote access trojan that leverages Telegram for command-and-control on Windows and Linux systems. These threats exemplify the ongoing race in cybersecurity and emphasize the importance of deploying robust, adaptive defenses to safeguard digital assets against increasingly complex and persistent adversaries. CTIX analysts will continue to report on the latest malware strains and attack methodologies.
- BleepingComputer: DDoS Defender Targeted in 15 Bpps Denial of Service Attack article
- TheHackerNews: ChillyHell macOS Backdoor and ZynorRAT article
Threat Actor Activity
Students Involved in "Dares" Attributed to Rise in Cyberattacks Against Schools
The U.K.'s Information Commissioner's Office (ICO) has issued a warning about the increasing number of cyberattacks and data breaches in schools driven by student hackers motivated by dares. The ICO highlights a pattern in 215 insider threat breach reports from the education sector between January 2022 and August 2024, with 57% of incidents attributed to students acting out of "dares, notoriety, financial gain, revenge, and rivalries." This advisory comes amidst reports of young English-speaking cybercriminals involved in recent cyberattacks. In July, the National Crime Agency (NCA) arrested four (4) individuals, including three (3) teenagers, for suspected involvement in ransomware attacks targeting British retailers. The ICO notes that around 5% of 14-year-old boys and girls admit to hacking activities. The NCA aims to divert children with technological interests away from criminal activities and into legal programs. It estimates that one (1) in five (5) children in Britain aged ten (10) to sixteen (16) has engaged in illegal online activity, with the youngest referral to its Cyber Choices program being just seven (7) years old. The ICO attributes some breaches to poor data protection practices, such as staff accessing data without legitimate need, unattended devices, and students using staff devices. Only 5% of breaches involved insiders using sophisticated techniques to bypass security controls. The ICO cites cases where students hacked their school's information systems using internet-downloaded tools. In one instance, a student accessed and altered personal information of over 9,000 individuals using a staff login.
Vulnerabilities
Akira Ransomware Exploits SonicWall Flaws in Surge of Targeted Attacks
The Akira ransomware group has intensified its attacks on SonicWall devices, exploiting misconfigurations and a year-old flaw (CVE-2024-40766) to gain initial access. Rapid7 and SonicWall warn that Akira actors are combining brute-force credential attacks, LDAP SSL VPN misconfigurations, and abuse of the Virtual Office Portal to bypass access controls and establish persistence. This activity aligns with Akira's broader surge in 2025, where it ranked as the third most active ransomware group, responsible for at least seventy-nine (79) incidents in Q2, particularly targeting manufacturing and transportation sectors. Recent campaigns also leveraged SEO poisoning to drop Bumblebee malware, which delivers AdaptixC2 for post-exploitation, remote access, and eventual ransomware deployment. CTIX analysts urge organizations utilizing SonicWall next-generation firewalls to follow the security guidance to rotate and remove unused accounts, enforce MFA/TOTP, restrict portal access, and audit SonicWall configurations to prevent compromise.
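The brute-force credential attacks against SSL VPN portals described above are visible in authentication logs long before a ransomware payload lands. The following is an added example, not code from the CTIX report, SonicWall or Rapid7: it parses a constructed, simplified auth log (the field layout is invented for this example and is not SonicWall's syslog format), flags any source IP that accumulates five or more failed logins inside a five-minute sliding window, counts how many distinct usernames were tried, and records whether a successful login followed the burst, which is the case a responder most needs to chase down.

```python
"""Added example: sliding-window brute-force detection over VPN auth log lines.

The log format below is constructed for this example (timestamp, result,
user=..., src=...). It is NOT SonicWall's real log format; adapt parse_line()
to the fields your appliance actually emits.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real captures). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE_LOGS = """\
2025-09-10T08:00:01Z FAIL user=jsmith src=203.0.113.5
2025-09-10T08:00:03Z FAIL user=jsmith src=203.0.113.5
2025-09-10T08:00:05Z FAIL user=admin src=203.0.113.5
2025-09-10T08:00:07Z FAIL user=admin src=203.0.113.5
2025-09-10T08:00:09Z FAIL user=root src=203.0.113.5
2025-09-10T08:00:11Z FAIL user=vpn src=203.0.113.5
2025-09-10T08:00:12Z OK user=vpn src=203.0.113.5
2025-09-10T08:05:00Z FAIL user=alice src=198.51.100.7
2025-09-10T09:30:00Z FAIL user=alice src=198.51.100.7
2025-09-10T09:31:00Z OK user=alice src=198.51.100.7
"""


def parse_line(line):
    """Turn one constructed log line into a dict with a parsed timestamp."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: details} for sources whose failed logins reach
    `threshold` within any `window`-long span. `success_after_burst` is True
    when the same source logged in successfully at or after the burst ended,
    which is the signal to treat the account as compromised, not just attacked."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        start = 0
        # Two-pointer sliding window over the sorted failure timestamps.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = fails[end]["ts"]
                alerts[src] = {
                    "failures": end - start + 1,
                    "distinct_users": len({e["user"] for e in fails[start:end + 1]}),
                    "success_after_burst": any(
                        e["ok"] and e["ts"] >= burst_end for e in evs
                    ),
                }
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOGS).items():
        print(src, info)
```

Running the block on the constructed sample reports only 203.0.113.5: six failures across four usernames inside the window, followed by a successful login, which is exactly the pattern that should trigger credential rotation and MFA enforcement for the affected account. The second source, with two failures an hour and a half apart, stays below the threshold and is not reported.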