Cybersecurity Reports Articles

Qilin leads ransomware activity this period, with CL0P and Akira close behind. Newer and mid-tier groups like Sinobi and DragonForce show rising impact. Victims are primarily small US-based businesses, with manufacturing, technology, retail, and construction most affected.

One of the most concerning developments over this period has been the discovery of zero-click vulnerabilities in Samsung mobile devices, which have already been actively exploited by the Landfall spyware.

The recent theft of source code from F5 has seen over a quarter of a million F5 BIG-IP instances exposed to potential remote attacks via the Internet, and in terms of victim locations, we see a notable change in this period, with Australia joining the top 5.

The emergence of the Scattered LAPSUS$ Hunters 'Trinity of Chaos' has made headlines in recent weeks with their daring extortion attempts of large enterprises whose data they had stolen from SalesForce instances.

Of concern in this period is a rise in attacks against Cisco ASA and IOS XE devices, highlighting the exposure of critical network infrastructure. On the malware side, Brickstorm and MetaStealer are showing increased activity, with several lightweight loaders tied to state-backed groups also in play.

Of concern in this period is an increase in attackers compromising devices from vendors including SonicWall and especially TP-Link. With many of these being consumer devices, compromises often go undetected for long periods, if they are ever noticed.

We all knew that sooner or later we would start to see malware that leverages generative AI. PromptLock, which was recently discovered by ESET, makes use of GenAI to analyze files on victim systems to work out whether to encrypt or exfiltrate the files.

Small businesses continue to dominate the ranks of breach victims at 84.25%. When we consider that small businesses represent about half of employment globally and about 44% of US GDP they fall victim to more than their fair share of cyber-attacks.

Since our previous brief, Qilin and INC ransomware remain the two most dominant types of ransomware. We do however have a new entrant in the top 5, with Beast representing 6.35% of ransomware attacks.