Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When I started learning about cybersecurity, I thought it was only about firewalls and antivirus software. I didn’t know how fast things change and threats evolve. Whenever I felt like I had a handle on things, something new came in headlines: ransomware, phishing kits, zero-day attacks. It’s a lot. If you work in tech, you’ve probably felt that too. Even if cybersecurity isn’t your full-time job, it still touches everything. And keeping up with everything is not easy.

Ransomware attacks are projected to occur every 2 seconds by 2031, up from every 11 seconds in 2021. Organizations paid approximately $813.55 million to ransomware groups in 2024. Email remains the primary attack vector, with malicious attachments twice as common as phishing links. Organizations with compromised backups face $3M average recovery costs, with 45% requiring more than a month to recover. Active ransomware groups increased 55% from Q1 2023 (29) to Q1 2024 (45).

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate domain, however, the Top Level Domain (TLD) is changed from.com to.org. RVTools is a widely used VMware utility for inventory and configuration reporting, developed by Robware. Once the malicious installer was downloaded, the installer attempts to make outbound connections to known command and control infrastructure.

Bumblebee is a downloader malware which has become known for its sophistication and effectiveness. The malware was first discovered in 2022 and was believed to be a tool for ransomware groups due to the developer’s close ties with Conti. Since then, it has been used in various attacks and has been delivered through multiple methods, including phishing emails, malicious documents, and SEO poisoning.

Scattered Spider, aka UNC3944, is switching the focus of its retail-oriented attacks from the UK market to the US, according to published reports. At this time, no US retailers have been named as targets, but the alleged Scattered Spider activity is a clear sign retailers in the US and worldwide need to prepare.

A newly identified strain of commodity ransomware named Mamona has emerged in the cybercriminal underground. This threat diverges from typical ransomware-as-a-service (RaaS) models by functioning entirely offline, relying on custom-built cryptographic routines and deploying no external command-and-control (C2) infrastructure.

Malware—short for malicious software and malicious programs—is one of the most dangerous cybersecurity threats today. From computer viruses and spyware to ransomware and trojans, these harmful programs are designed to: Cybercriminals are constantly developing new and more advanced forms of malware. Every single day, over half a million new malware samples are discovered globally, showing just how fast these threats are evolving. For businesses, the consequences can be severe.

Luna Moth threatens U.S. legal and financial firms, Venom Spider targets hiring managers and recruiters, and StealC malware receives new upgrades.

In Part 1 of this blog series The Ransomware Threat: Preparing Schools and Libraries for Ransomware Attacks, we discussed creating a pre-incident plan that includes a backup process, asset management, identity and access management, risk-based vulnerability management, and security awareness training to minimize the risk of ransomware attacks.