
Ransomware Groups Report 2024 - Q3

Although 2024 began with a Q1 decline in the frequency of ransomware attacks, the second quarter marked a return to a much more intimidating level of ransomware activity globally, and the third quarter continues that trend. In Q2 2024, the number of attacks stood at 1,277 cases, but Q3 saw a small decrease of 5.5% with 1,209 cases.

Trinity Ransomware Targets the Healthcare Sector

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities. “Trinity ransomware was first seen around May 2024,” the advisory says.

New Capability: Safeguard Your Sensitive Cloud Data With Rubrik Data Protection Insights

According to Cybersecurity Ventures, more than half of the world’s data will be stored in the cloud by 2025. With this growth comes a new challenge: understanding where your cloud data lives, what it contains, and how to ensure it is properly protected. The mass storage capabilities of the cloud mean it’s easy to drop data wherever you want. It’s also easy to forget to clean up that data or set up backups where that data is required.

The Rise and Fall of Raccoon Infostealer: Inside a Global Cybercrime Operation

In the ever-evolving landscape of cybercrime, malware-as-a-service (MaaS) has emerged as a lucrative business for cybercriminals. One of the most notorious examples is Raccoon Infostealer, malware designed to harvest personal and financial information from unsuspecting victims worldwide. The mastermind behind this operation, a Ukrainian national named Mark Sokolovsky, recently pleaded guilty in a U.S. federal court to his role in the cybercrime network.

Cato CTRL Threat Research: ProKYC Selling Deepfake Tool for Account Fraud Attacks

Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks. The tool being sold is customized to target cryptocurrency exchanges—specifically ones that authenticate new users leveraging a government-issued document and by enabling the computer’s camera to perform facial recognition.

Stay Ahead of Ransomware: Comprehensive Solutions against DragonForce Attacks

In the ever-evolving landscape of cybersecurity threats, the DragonForce ransomware group has quickly become a serious menace to organizations worldwide. First discovered in August 2023, DragonForce has made headlines by leveraging two powerful ransomware variants—a fork of the infamous LockBit3.0 and a modified version of ContiV3.

SenseOn MDR vs. SocGholish: A Technical Analysis

In February of 2024, SenseOn was contacted to assist with investigating suspicious activity on a customer’s estate. SenseOn analysts quickly detected a malware infection and identified the variant as SocGholish. This blog will showcase SenseOn’s detection and response capabilities against the malware and break down SocGholish’s techniques and those of the threat actor observed.

Perspectives on New EU Data Regulations' Impact and Consequences for IT Leaders

If you look at your home already, you use so much that is connected to the Internet, you couldn't imagine being without it. The same applies to our critical infrastructure. A physical attack is no longer the only attack on critical infrastructure. But how can we defend it? Trish McGill, Brian Wagner, and Tim Clements have the answer.

Analyzing Latrodectus: The New Face of Malware Loaders

This report is the latest in a series that will delve into the deep research the Trustwave SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository that helps Trustwave SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive and defensive security tasks.

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023. This loader shares similarities with the D3F@ck Loader, which surfaced in January 2024. Pronsis Loader has been observed delivering different malware variants, including Lumma Stealer and Latrodectus as its primary payloads. Additionally, the team identified infrastructure linked to Lumma Stealer during the investigation.