Cato CTRL Threat Research: Suspected Russian Threat Actors Leverage Tigris, Oracle Cloud Infrastructure, and Scaleway to Target Privileged Users with Lumma Stealer

Imagine walking into a trusted bank, only to be handed counterfeit money by employees who don’t realize it’s fake. This is similar to a growing trend that’s emerging in the threat landscape. Threat actors are leveraging trusted cloud infrastructure platforms to host fake reCAPTCHA pages designed to deceive unsuspecting victims into executing malicious commands through the Windows Run dialog—specifically targeting high-access users within organizations to escalate privileges.

Lumma Stealer is Out... of business!

Since mid-2024, Bitsight has been collaborating with Microsoft’s Digital Crimes Unit and other partners to dismantle the operational capabilities of Lumma Stealer (LummaC2) — currently the most widely distributed information stealer. Early this week, a coordinated action was carried out to disrupt its operations and take down the supporting malware infrastructure.

Trustwave SpiderLabs Report Highlights Ransomware and Dark Web Dangers for the Hospitality Sector

The summer travel season is almost here, and travelers worldwide are in the process of booking their holidays, thus placing some of their most vital personal and financial information into the hands of the hospitality industry. This is a fact not lost on threat actors, who thrive on gaining access and stealing this data.

Cybersecurity Landscape in 2025: All You Need to Know as a Business Owner

When the Digital Revolution started, we knew big changes were bound to come, but who knew just how big? With the rapid development of cyberspace, our world has expanded immensely, and new possibilities have come knocking at our doors. Still, we often forget about the dark side of the Internet and all its dangers.

Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.

What Is Scattered Spider? Inside the Rise of Identity-Based Attacks

If you’ve been following major cybersecurity incidents over the past couple of years, chances are you’ve come across the name Scattered Spider. From massive casino breaches to healthcare system outages, this threat actor has become a name that CISOs don’t take lightly. But what is Scattered Spider, really? And why is this group of cybercriminals getting so much attention? Scattered Spider is a financially motivated group that came into focus around 2022.

Making Generative AI Transparent with Gabrielle Hibbert

In this episode of Data Security Decoded, host Caleb Tolin sits down with Gabrielle Hibbert, a social policy expert and researcher, to talk about her innovative work developing a nutrition labeling system for generative AI tools. This framework aims to bridge the gap between complex AI technology and consumer understanding, while addressing critical transparency and data privacy concerns.

Top Cybersecurity Trends in 2025: 9 Trends to Watch

When I started learning about cybersecurity, I thought it was only about firewalls and antivirus software. I didn’t know how fast things change and threats evolve. Whenever I felt like I had a handle on things, something new came in headlines: ransomware, phishing kits, zero-day attacks. It’s a lot. If you work in tech, you’ve probably felt that too. Even if cybersecurity isn’t your full-time job, it still touches everything. And keeping up with everything is not easy.

Building a Ransomware Response Plan with Fidelis Elevate XDR: Technical Guide

Ransomware attacks are projected to occur every 2 seconds by 2031, up from every 11 seconds in 2021. Organizations paid approximately $813.55 million to ransomware groups in 2024. Email remains the primary attack vector, with malicious attachments twice as common as phishing links. Organizations with compromised backups face $3M average recovery costs, with 45% requiring more than a month to recover. Active ransomware groups increased 55% from Q1 2023 (29) to Q1 2024 (45).

RVTools Supply Chain Attack Delivers Bumblebee Malware

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate domain; however, the Top Level Domain (TLD) is changed from .com to .org. RVTools is a widely used VMware utility for inventory and configuration reporting, developed by Robware. Once the malicious installer is downloaded, it attempts to make outbound connections to known command and control infrastructure.