"BEC Attacks Surge 20% Annually Thanks to AI Tooling"

A new Vipre Security Group study brings further attention to how Artificial Intelligence (AI) tools are increasing Business Email Compromise (BEC) attacks. According to the company's "Email Threat Trends Report: Q2 2024," 226 million spam messages and nearly 17 million malicious URLs were detected in 1.8 billion emails processed by the vendor during Q2. Forty-nine percent of these blocked spam emails were BEC attacks. Vipre observed a 20 percent rise in BEC attacks. This article continues to discuss the increase in BEC attacks due to AI tools.

Submitted by Gregory Rigby on

"Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error"

According to Microsoft, an implementation error amplified the impact of a recent Distributed Denial-of-Service (DDoS) attack that disrupted Azure cloud services for nearly eight hours. The attack affected Azure App Services, Azure IoT Central, Application Insights, Log Search Alerts, and other Azure offerings. The disruption also affected the main Azure portal and some Microsoft 365 and Microsoft Purview data-protection services. This article continues to discuss the DDoS attack, inadvertent errors in DDoS mitigation, and the adoption of "smash and grab" tactics in DDoS attacks.

Submitted by Gregory Rigby on

"Basta Ransomware Operator Tactics Undergo 'Notable Shift'"

Over the past year, "UNC4393," a threat group that infects targets with the "Basta" ransomware, has changed how it gains initial access to victims. The threat group previously relied on existing "Qakbot" infections, delivered through phishing attacks, for initial access. After US law enforcement took down Qakbot infrastructure last year, the threat group briefly used "DarkGate" malware as an initial access loader before switching to the "SilentNight" backdoor this year. According to Mandiant researchers, malvertising has driven this year's SilentNight surge.

Submitted by Gregory Rigby on

"CISA and FBI Release Joint PSA: Putting Potential DDoS Attacks During the 2024 Election Cycle in Context"

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement (PSA) titled "Just So You Know: DDoS Attacks Could Hinder Access to Election Information, Would Not Prevent Voting." The publication, released as part of their PSA series for the 2024 election cycle, warns that Distributed Denial-of-Service (DDoS) attacks on election infrastructure or adjacent infrastructure supporting election operations could interfere with public access to election information but would not affect the security

Submitted by Gregory Rigby on

"Cyberattacks Present Shipping Industry's Biggest Threat Since WWII"

There has been a rise in state-sponsored cyberattacks on the shipping industry. According to NHL Stenden University of Applied Sciences research recently cited by the Financial Times, the shipping industry faced at least 64 cyber incidents in 2023. Over 80 percent of the incidents logged since 2001 involving a known attacker stemmed from Russia, China, North Korea, or Iran. This article continues to discuss the spike in cyberattacks faced by the shipping sector.

Submitted by Gregory Rigby on

"Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom"

According to Zscaler ThreatLabz, a Fortune 50 company paid a record $75 million ransom to the "Dark Angels" ransomware group. Previously, the largest known ransom payment was $40 million by the insurance company CNA after an "Evil Corp" ransomware attack. Zscaler ThreatLabz did not reveal which Fortune 50 company paid the $75 million ransom, but it was confirmed that the attack occurred in early 2024. Dark Angels began targeting companies worldwide with ransomware in May 2022.

Submitted by Gregory Rigby on

"Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains"

Researchers have discovered two vulnerabilities that could allow threat actors to abuse hosted email services in order to spoof the sender's identity and evade protections. The identified vulnerabilities impact millions of domains. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns that authenticated attackers can spoof the identity of a shared, hosted domain and use network authorization to spoof the email sender. The flaws stem from the failure of many hosted email services to properly verify trust between the authenticated sender and their allowed domains.

Submitted by Gregory Rigby on

"New PyPI Package Zlibxjson Steals Discord, Browser Data"

A malicious package named "zlibxjson version 8.2" has been discovered in the PyPI repository. The package was detected by Fortinet's Artificial Intelligence (AI)-powered OSS malware detection system on July 3, 2024, closely following its release on June 29, 2024. The package downloaded multiple files, including a PyInstaller-packed executable (.exe) that revealed several Python and DLL files when unpacked. This article continues to discuss findings regarding the new malicious PyPI package.

Submitted by Gregory Rigby on

"North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS"

The North Korea-linked "DEV#POPPER" malware campaign targeting software developers has expanded its focus to Windows, Linux, and macOS systems with new malware and tactics. The campaign targeted victims in South Korea, North America, Europe, and the Middle East. Securonix researchers called this attack an advanced form of social engineering that manipulates people into disclosing confidential information or performing actions they would not usually take. This article continues to discuss findings regarding the ongoing DEV#POPPER malware campaign.

Submitted by Gregory Rigby on

"Dynamically Evolving SMS Stealer Threatens Global Android Users"

"SMS Stealer" is a novel malware with more than 107,000 samples that has been targeting Android devices for over two years. It steals SMS messages to obtain One-Time Passwords (OTPs) and other sensitive user data. According to researchers at Zimperium zLabs, SMS Stealer spreads through dynamically changing mobile apps distributed via Telegram messages or ads for legitimate apps. This article continues to discuss findings regarding the SMS Stealer malware.  

Submitted by Gregory Rigby on