3AM is a new ransomware family that was detected in a single incident where an unidentified affiliate attempted to deliver LockBit, attributed to Bitwise Spider or Syrphid, to the target network but failed. According to the Symantec Threat Hunter Team, 3AM is written in Rust and appears to be a brand-new malware family. Before encrypting files, the ransomware tries to disable multiple services on the infected computer. Once encryption is complete, Volume Shadow (VSS) copies are deleted. The new ransomware family's name derives from its ransom note.

A threat actor known for providing ransomware groups with initial access to enterprise systems has used Microsoft Teams to phish employees. According to Microsoft threat researchers, Storm-0324 likely relies on the publicly available TeamsPhisher tool for this activity. Storm-0324 is a temporary name designated by Microsoft to this threat actor, suggesting that the company is still not highly confident about the origin or identity of the actor behind the operation.

Online ads are often leveraged in personal cyberattacks, which can lead to the download of unwanted software and other malicious files. Researchers at the Georgia Institute of Technology are fighting deceptive online ads with an innovative solution designed to combat the growing threat of online social engineering attacks by eliminating them at their source. Trident, developed by Ph.D. student Zheng Yang and his team of researchers, is an add-on compatible with Google Chrome and has been shown to block these ads by nearly 100 percent.

Using Wi-Fi signals, scientists have developed a technology that enables people to see objects and read letters through walls. The system, developed by UC Santa Barbara researchers, traces the edges of objects on the opposite side of solid barriers. In one experiment, the team used the technology to decipher the word "BELIEVE" from the other side of a wall by imaging each letter individually. Three off-the-shelf Wi-Fi transmitters were used to send wireless waves in an area. The receivers were on an unmanned vehicle emulating a Wi-Fi receiver grid as it moved.

The National Security Agency (NSA) and US federal agency partners have issued new guidance regarding deepfakes. This emerging threat may pose a cybersecurity challenge for National Security Systems (NSS), the Department of Defense (DoD), and Defense Industrial Base (DIB) organizations. They issued the Cybersecurity Information Sheet (CSI) "Contextualizing Deepfake Threats to Organizations" to help organizations identify, defend against, and respond to deepfake threats.

Georgia Tech's Cyber Forensics Innovation (CyFI) Lab discovered that Web App Engaged (WAE) malware has increased by 226 percent since 2020. Therefore, the team created a tool that enables cybersecurity incident responders to purge almost 80 percent of discovered WAE malware by teaming up with service providers. Ph.D. student at Georgia Tech Mingxuan Yao noted that web applications have become integral to our online lives, providing services such as content delivery, data storage, and social networking, but these utilities have made web applications attractive for malware creators.

Brief articles on areas of concern or interest in SoS. They are indexed below.

Cyber Scene articles are intended to provide an informative, timely backdrop of events, thinking, and developments that feed into the technological advancement of Science of Security (SoS) collaboration and extend its outreach. They are indexed below.

Brief articles on current cybercriminal activities. They are indexed below.

Air Canada recently announced that the personal information of some employees was accessed in a recent cyberattack.  Canada’s national airline announced that a threat actor obtained limited access to one of its internal systems that contained “limited personal information of some employees and certain records  .”Air Canada noted that the incident did not impact its flight operations systems.  Furthermore, the company says, customer facing systems were not accessed, and no customer information was compromised in the attack.