Latest News

December 2024 Uptick in Social Engineering Campaign Deploying Black Basta Ransomware

Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors were observed using Microsoft Quick Assist and Teams to impersonate IT personnel and engage in malicious activities upon contacting victims. This is a continuation of the Black Basta campaign we reported on in a security bulletin sent in June 2024.

Bumblebee Malware Is Back with Evolving Tactics: How EventLog Analyzer Can Help Protect Your Organization

In a surprising development, Bumblebee malware (a popular malware downloader) has resurfaced with an approach that was believed to be long gone: VBA macro-enabled documents. This comes just four months after Europol dismantled various trick bots—including Bumblebee, IcedID, Pikabot, TrickBot and SystemBC—during a crackdown called Operation Endgame.

Enhancing Cybersecurity: Essential Inbound Email Security Strategies for Modern Businesses

As cyber threats continue to evolve, protecting your organization's email communications has never been more critical. From advanced AI-powered filtering to comprehensive staff training, discover the essential strategies that safeguard your business against modern email-based attacks. This guide provides actionable insights to strengthen your security posture and defend against emerging threats targeting your inbox.

Critical Infrastructure Under Siege: 42% Spike in Ransomware Attacks on Utilities

Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024. Analyzing data from its GreyMatter platform and dark web activity, ReliaQuest found that utilities like water and energy systems are disproportionately affected. Their critical role in infrastructure makes them prime targets for cybercriminals.

CrowdStrike Named a Leader in GigaOm Radar for Ransomware Prevention

Ransomware continues to be one of the most pervasive and costly cyber threats facing organizations worldwide. More than 40% of organizations surveyed by ESG research experienced a successful ransomware attack in the previous 12 months, and 32% were successfully attacked more than once. The consequences of failing to protect against ransomware can be devastating for any business. Beyond financial loss, victims can suffer operational downtime, reputational damage and potential regulatory fines.

Stealer Malware and Stealer Logs Explained

Stealer logs and the infostealers that harvest them form a key part of the threat landscape and cybercriminal ecosystem. Infostealers, which are also referred to as stealer malware, are deployed by threat actors to facilitate data theft from compromised devices. This data typically contains sensitive and valuable personal information including credentials, hardware or software information, IP addresses, browser cookies, and more.

New Yokai Side-loaded Backdoor Targets Thai Officials

DLL side-loading is a popular technique used by threat actors to execute malicious payloads under the umbrella of a benign, usually legitimate, executable. This allows the threat actor to exploit whitelists in security products that exclude trusted executables from detection. Among others, this technique has been leveraged by APT41 to deploy DUSTTRAP and by Daggerfly to deliver the Nightdoor backdoor.