"Ransomware Ecosystem Transformed, New Groups 'Changing the Rules'"

Experts warn that the ransomware ecosystem has changed significantly in 2024, and organizations must adapt their defenses. Bitdefender Technical Solutions Director Martin Zugec calls on the security community to forget what they know about ransomware and learn how new groups are changing the game. According to Zugec, the recent collapse of two leading Ransomware-as-a-Service (RaaS) operators, "LockBit" and "BlackCat," prompted this change. Law enforcement took down LockBit infrastructure in February 2024.

Submitted by Gregory Rigby on

"Qilin Ransomware Group Blamed for Attack Disrupting London Hospitals"

According to former National Cyber Security Centre CEO Ciaran Martin, the "Qilin" Ransomware-as-a-Service (RaaS) group is believed to have been behind the recent cyberattack that forced multiple London hospitals to declare a state of emergency. Qilin typically goes after high-value targets and launches double extortion attacks against the healthcare and education sectors. A Cyberint analysis found that the Qilin ransomware has Golang and Rust variants, with the Rust variant being more evasive, customizable, and hard to decipher.

Submitted by Gregory Rigby on

"Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks"

Akamai warns that two Remote Code Execution (RCE) vulnerabilities in ThinkPHP that were patched five years ago are being exploited in a new wave of attacks. The bugs, publicly disclosed in late 2018 and early 2019, affect Content Management Systems (CMS) using older versions of the popular open source web application framework. A Chinese-speaking threat actor has exploited the flaws to fetch a file from a likely compromised server in China and deploy a web shell on vulnerable servers in two attack campaigns.

Submitted by Gregory Rigby on

"Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks"

"Muhstik," a Distributed Denial-of-Service (DDoS) botnet, exploited a now-patched Apache RocketMQ security flaw to co-opt vulnerable servers and grow. According to researchers at Aqua, Muhstik targets Internet of Things (IoT) devices and Linux-based servers, infecting and using devices for cryptocurrency mining and DDoS attacks. This article continues to discuss findings regarding the Muhstik botnet.

THN reports "Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks"

Submitted by Gregory Rigby on

"78% of SMBs Fear Cyberattacks Could Shut Down Their Business"

ConnectWise reports that 94 percent of small and midsize businesses (SMBs) have faced at least one cyberattack, up from 64 percent in 2019. SMBs are losing confidence in their ability to protect their businesses, with 78 percent worried that a severe cyberattack could shut them down. This growing fear is forcing SMBs to rethink and strengthen their cybersecurity strategies to protect data, maintain customer trust, and innovate. This article continues to discuss key findings from ConnectWise regarding the state of SMB cybersecurity.  

Submitted by Gregory Rigby on

"New Fog Ransomware Targets US Education Sector Via Breached VPNs"

According to security researchers at Arctic Wolf Labs, a new ransomware operation named "Fog," launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organizations in the U.S. The ransomware operation has not yet set up an extortion portal, and no data theft has been observed. The researchers noted that, during the attacks, Fog's operators accessed victim environments using compromised VPN credentials from at least two different VPN gateway vendors.

Submitted by Adam Ekwall on

"Cryptographers Discover a New Foundation for Quantum Secrecy"

Researchers have proven the possibility of secure quantum encryption. Computer tasks such as sending private messages rely on encryption to protect user data. That encryption must withstand attacks from codebreakers with their own computers. Therefore, modern encryption methods rely on assumptions about mathematical problems that are hard for computers to solve. In the 1980s, cryptographers set mathematical foundations for this information security approach, but some researchers discovered that computational hardness was not the only way to protect secrets.

Submitted by Gregory Rigby on

"Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics"

Google and Microsoft warn of increased cyber threats, especially from Russia, to the 2024 Paris Olympics. Google Cloud's Mandiant cybersecurity team warns of espionage, disruption, destruction, hacktivism, influence, and financial threats to the 2024 Paris Olympics. Olympics-related cyber threats could impact event organizers, sponsors, ticketing systems, Paris infrastructure, athletes, and spectators. Mandiant warns that Russian threat groups pose a major threat to the Olympics, while state-sponsored actors from China, Iran, and North Korea pose a moderate to low risk.

Submitted by Gregory Rigby on

"Third of Web Traffic Comes from Malicious Bots, Veracity Says"

At Infosecurity Europe 2024, Veracity Trust Network CEO Nigel Bridges warned that Artificial Intelligence (AI) will likely increase the threat of malicious bots to online businesses. Veracity found that bots made up almost 50 percent of web traffic in 2022, with over 30 percent being malicious. Bots targeting financial services perform account takeover, card cracking, and content scraping. Bridges added that cybercriminals and nation-states have used AI to scale bot automation. This article continues to discuss insights regarding malicious bots.

Submitted by Gregory Rigby on

"US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam"

The US Justice Department recently announced that it has filed a civil forfeiture action in an attempt to recover more than $5.3 million lost by a Massachusetts workers union in a business email compromise (BEC) scam. The union was not named but is located in Dorchester and lost the money in January 2023, when cybercriminals sent it an email that appeared to come from a trusted investment consulting firm. The scammers used a spoofed email address to trick the workers union into believing that the investment consulting firm was requesting the transfer of $6.4 million to a different

Submitted by Adam Ekwall on