First Publishied Nov 6th 2023 Updated May 9th 2024 Last seen on this month, 8Base is a ransomware collective that initiated its operations in April 2022. Despite its relatively short time in the cyber landscape, the group has swiftly garnered a reputation for its forceful strategies and the substantial volume of victims it has affected.

As with every year, the Verizon DBIR is released, with data involving more than 10,000 breaches that have been dissected and used to create the report’s baseline. Cyberint’s Research team inspected the document to understand where the cyber security realm is heading, the important trends in data breaches and incidents, and what we need to look for moving forward in 2024.

The UK, US, and Australia have revealed the identity of Dmitry Khoroshev, a Russian national and the leader of the once-notorious LockBit ransomware group, following an international disruption campaign led by the National Crime Agency (NCA).

On May 6, 2024, the LockBit ransomware group published a list of over 50 victims on their newly established data leak platform. Among the victims are NASDAQ-listed firms, major corporations, governmental organizations, and technology companies. Interestingly, some of these victims had been targeted previously by other groups or even by LockBit in earlier attacks.

Introduced in 2019, AsyncRAT is classified as a remote access trojan (RAT) that primarily functions as a tool for stealing credentials and loading various malware, including ransomware. This RAT boasts botnet capabilities and features a command and control (C2) interface, granting operators the ability to manipulate infected hosts from a remote location.

The ransomware landscape is evolving with increased competition among threat groups and the emergence of new ransomware operations. However, victim organizations and potential targets are strengthening their security measures and procedures to prepare for potential ransomware attacks. Our latest quarterly report for Q1 2024 shows a significant decrease in ransomware incidents, down to 1,048 cases, representing a 22% decline compared to Q4 2023.

Security researchers have identified a vulnerability, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. This flaw can be exploited when loading RDS (R Data Serialization) files or packages, which are commonly shared among developers and data scientists. An attacker can craft malicious RDS files or packages containing embedded arbitrary R code, triggering execution on the victim’s device upon interaction.

The complex geopolitical landscape in Southeast Asia, influenced by People’s republic of China (PRC)’s strategic interests and territorial disputes, faces a prominent offensive threat from Chinese cyber operations. Southeast Asia’s economic and digital growth make it a prime target for cyber threats. In the past 8 months Cyberint has been able to identify a major large-scale campaign.

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

Responsible for a number of infamous ‘big game hunter’ ransomware attacks and believed active since at least 2019, the ransomware threat group dubbed ‘CL0P‘ is thought to be a Russian-language cybercriminal gang and have been widely reported as associated with, or their malware adopted by, other cybercriminal groups including ‘FIN11’, a part of the larger financially-motivated ‘TA505’ group, and ‘UNC2546’.