Security report
once a month

Insights into the cyber threat landscape from the WithSecure Threat Intelligence team. A new report at the beginning of each month.

December 2022 highlights

  • Monthly highlights
  • Ransomware: Trends and notable reports
    • RansomBOGGS
    • Ikea struck by Vice Society
    • Guatemala hit by Onyx
    • Trigona launch leak site
    • Rackspace attack causes widespread issues
  • Other notable highlights in brief
    • Twitter data breach exposed 5-400 million phone numbers
    • Citrix and Fortinet patch actively exploited vulnerabilities
    • Dolphin backdoor used by APT37
    • InTheBox, a web-inject marketplace
    • Infraguard breach
  • Threat Data highlights
  • Research highlights
    • CISA’s known exploited vulnerabilities catalog
Read the report

November 2022 highlights

  • Ransomware: Trends and notable reports
    • Quantum Locker targets Cloud Environments
    • The Rise of Royal Ransomware
    • BlackBasta linked to FIN7 Threat Actor
    • US Govt issue HIVE ransomware advisory
  • Other notable highlights in brief
    • DTrack activity targeting Europe and Latin America
    • Emotet botnet operational after 5-month hiatus
    • ProxyNotShell Exchange Exploits Available
    • OpenSSL Vulnerability Downgraded
  • Threat Data highlights
  • Research highlights
    • DUCKTAIL, continued
    • Machine learning accuracy forecast
  • Detection and response highlights
Read the report

October 2022 highlights

  • Monthly highlights
    • Military targets attacked
    • Fortinet vulnerability under active attack
  • Ransomware: Trends and notable reports
    • Automobile dealer group Pendragon held to $60m ransom
    • “Prestige” ransomware hits Poland and Ukraine
    • BlackByte abuse vulnerable drivers to bypass securit
  • Other notable highlights in brief
    • GitHub rife with malicious code
    • Two new Microsoft Exchange vulnerabilities being actively exploited
    • FBI issue Iran hack-and-leak warning
    • LinkedIn addresses fake profiles
    • Abusing Chromium’s application mode to phish
    • Healthcare sector report on commonly abused tools
    • Joint report outlines top vulnerabilities exploited by China
    • Zimbra vulnerability widely exploited
  • Threat data highlights
  • Detection and response highlights
Read the report

September 2022 highlights

  • Monthly highlights
  • Ransomware: Trends and notable reports
    • LockBit bug bounty and leaks
    • Sparta ransomware
    • Nations targeted by ransomware
    • BianLian ransomware
    • Ragnar Locker deep dive
    • Technical analysis of Redeemer
    • ExMatter for exfiltration and corruption
  • Other notable highlights in brief
  • Threat data highlights 
Read the report

August 2022 highlights

  • Top malware strains 2021
  • Mailchimp and Twilio incidents highlight the supply chain issue
  • State-backed actors target Confluence vulnerability
  • Microsoft disrupt Callisto Group
  • Ransomware: Trends and notable reports
    • ENISA’s ransomware threat landscape
    • A history lesson on Ransomware
    • A look at Initial Access Brokers
    • Newcomers: SolidBit
  • Other notable highlights in brief
  • Research highlights: WithSecure™ ransomware threat update
Read the report

July 2022 highlights

  • Trickbot group attack Ukraine
  • Brute Ratel being abused by threat actors
  • Black Basta on the rise
  • Ransomware: Trends and notable reports
    • BlackCat under the spotlight
    • Vice Society
    • A closer look at LockBit 3.0
    • Hive joins BlackCat in using Rust
    • CISA produce alert on MedusaLocker
    • HavanaCrypt, a new group with novel tactics
    • Q2 statistics from Digital Shadows
  • Other notable highlights in brief
  • Threat data highlights
  • Research highlights: Ducktail: An infostealer malware targeting Facebook business accounts
Read the report

June 2022 highlights

  • Follina, an exploited vulnerability in MSDT
  • Emotet back at full power
  • State-backed actors target Confluence vulnerability
  • Law enforcement takes down Flubot
  • Ransomware: Trends and notable reports
    • A look at the ransomware ecosystem
    • LockBit is updated to 3.0
    • An advisory on Karakurt
    • “Ransomware” targeting Elasticsearch
    • The costs of ransomware to businesses
  • Other notable highlights in brief
  • Research highlights: WithSecure™ ransomware threat update
Read the report

May 2022 highlights

  • Advisory on initial access techniques
  • Emotet back at full power
  • BPFDoor, an insidious backdoor
  • Ransomware: Trends and notable reports:
    • Is this the end of Conti?
    • Iran is carrying out ransomware attacks
    • Operator of Thanos builder charged
    • The return of REvil?
  • Other notable highlights in brief
Read the report

April 2022 highlights

  • CNI targeted with ICS malware
  • FA Fatigue: A new attack technique
  • The disruption of ZLoader
  • A breakdown of ContiLeaks
  • RANSOMWARE: Trends and Notable Reports
    • A look at Blackcat/ALPHV
    • Russia in the crosshairs
    • Quantum: a 4-hour attack
    • LockBit strike Rio de Janeiro finance department
    • BlackByte breakdown
    • Nokoyawa, a Nemty strain
Read the report

March 2022 highlights

  • Okta LAPSUS$ Compromise
  • Heightened Awareness of Russian Threat Activity
  • Chinese backed actor APT41 attacks US government
  • Initial access broker for Conti uses complex social engineering
  • RANSOMWARE: Trends and Notable Reports
    • RURansom targets Russia
    • Advisory on AvosLocker
    • HermeticRansom can be decrypted
    • Sophos collates their ransomware research
    • An analysis of LockBit 2.0
    • Estonian imprisoned for connection with ransomware and cybercrime
Read the report

February 2022 Highlights

  • RUSSIA-UKRAINE CONFLICT: Related cyber activity
  • SANDWORM: Using new malware Cyclops Blink
  • KARAKURT: A threat actor focused on extortion
  • DAXIN: A Chinese-linked espionage tool
  • RANSOMWARE: Trends and Notable Reports
    • Recovery of data encrypted by Hive ransomware
    • Joint advisory on ransomware
    • CONTI Leaks
  • Other Notable Highlights in Brief
Read the report

January 2022 highlights

  • UKRAINE: Defacements and WhisperGate Wiper
  • CISA: Russian Nation State Threats
  • Log4j: A Pervasive Library Vulnerability
  • SYSJOKER: New Backdoor Targets Windows, Mac and Linux
  • EARTHLUSCA: Financially Motivated Chinese Threat Actor
  • RANSOMWARE: Trends and Notable Reports
    • REvil Associates Arrested
    • Europol shut down VPNLab servers
    • Other Ransomware Group Insights
  • Other Notable Highlights in Brief
Read the report

November 2021 highlights

  • IRANIAN ACTORS: Evolving Trends
  • DEV-0322: ManageEngine Exploitation
  • RANSOMWARE: Trends and Notable Reports
    • Targeting Victims of Significant Financial Events
    • US Law Enforcement and Sanctions
    • TA505 Exploiting Serv-U Vulnerability
    • Other Ransomware Group Insights
  • Other Notable Highlights in Brief
Read the report

October 2021 highlights

  • MYSTERYSNAIL: Exploits Windows Zero Day
  • ESPECTER: A Real World UEFI Bootkit
  • RANSOMWARE: Trends and Notable Reports
    • US Treasury Financial Trends Report
    • VirusTotal Global Ransomware Context Report
    • BlackMatter Ransomware
    • Ransomware Tradecraft Evolutions
  • Other Notable Highlights in Brief
Read the report