A threat actor, tracked as "Fluffy Wolf," is spreading different types of malware using accounting report lures in a phishing campaign that relies on malicious and legitimate software. According to researchers from Bi.Zone, Fluffy Wolf's active phishing campaign shows how even unskilled threat actors can use Malware-as-a-Service (MaaS) models to execute successful cyberattacks. The campaign is currently aimed at Russian organizations but could expand to other regions.

According to the 2024 Thales Data Threat Report, ransomware attacks increased by 27 percent in 2023, with 8 percent of impacted organizations deciding to pay the demanded ransom. These numbers suggest that less than half of organizations have formal ransomware response plans in place. The report also cites malware as the fastest-growing threat, with 41 percent of companies reporting malware incidents in the past year. Phishing and ransomware attacks on cloud assets such as Software-as-a-Service (SaaS) applications and cloud-based storage are also growing.

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and several other agencies in the US and around the world urge critical infrastructure leaders to protect their systems from the "Volt Typhoon" hacking group. Last month, they also warned that the Chinese hackers had breached multiple critical infrastructure organizations in the US, gaining access to at least one of them for at least five years before being detected.

According to a survey commissioned by Palo Alto Networks, many industrial organizations are hit with cyberattacks, which result in the shutdown of Operational Technology (OT) processes in a significant percentage of cases. The survey was conducted in December 2023, with nearly 2,000 respondents from 16 countries in the Americas, Europe, and the Asia-Pacific region. Three-quarters of respondents revealed they had detected malicious cyber activity in their OT environment.

Researchers have discovered a new variant of the "BunnyLoader" malware with a modular structure and improved evasion capabilities. In October 2023, Zscaler ThreatLabz researchers discovered BunnyLoader, a new Malware-as-a-Service (MaaS) advertised for sale in multiple cybercrime forums since September 4, 2023. The BunnyLoader malware loader is written in C/C++ and is available on several forums for $250 for a lifetime license. According to researchers, BunnyLoader is in rapid development, with the authors releasing multiple updates to implement new features and address bugs.

Recent cyberattacks on water plants have driven the US Environmental Protection Agency (EPA) to form a task force aimed at addressing the security risks that water infrastructure providers face. Attacks on US water and wastewater facilities could put a "critical lifeline" at risk and inflict significant costs on impacted communities, according to a letter from White House National Security Advisor Jake Sullivan and EPA Administrator Michael Regan to state governors.

Robert Purbeck, an Idaho man who hacked and extorted medical clinics and a police department, has pleaded guilty in Georgia federal court to computer fraud and abuse charges. According to a release from the Northern District of Georgia announcing the guilty plea, Purbeck, who used the aliases "Lifelock" and "Studmaster," stole the personal information of over 130,000 people. In 2017 and 2018, he purchased stolen credentials from the dark web and used them to infiltrate the networks of a medical clinic in Griffin, Georgia.

Google and Mozilla recently announced web browser security updates that address dozens of vulnerabilities, including one critical severity and multiple high-severity flaws.  Chrome 123 was released in the stable channel with patches for 12 bugs, seven of which were reported by external researchers.  According to Google, the most severe of these is CVE-2024-2625, a high-severity object lifecycle issue in the V8 JavaScript and WebAssembly engine.