Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ransomware has a long history, first established in 1989 with the introduction of the AIDS Trojan, of use by criminals to force organizations and regular people to hand over money. Trustwave SpiderLabs follows the continuously changing history of ransomware and those behind the malware in Energy and Utilities Sector Deep Dive: Ransomware Threat Groups, a supplementary report to the team’s just released 2025 Trustwave Risk Radar Report: Energy and Utilities Sector.

Increasing frequency, new threat groups emerging, the rise of ransomware-as-a-service (RaaS) attack model, and third-party attacks are just a few of the dangerous trends Trustwave SpiderLabs details in Energy and Utilities Sector Deep Dive: Ransomware Trends. This report supplements the just released 2025 Trustwave Risk Radar Report: Energy and Utilities Sector. This broader and more comprehensive report analyzes the energy and utilities sector’s major threats and trends.

Summary FunkSec is a new ransomware group that came into the spotlight after attacking many sectors around the world. The group runs a data leak site on Tor. Funksec employees conduct double extortion attacks, which means hackers encrypt and exfiltrate data from the victim to extort them for paying ransom to the attackers.

In January, Netskope Threat Labs observed a new malware campaign using fake CAPTCHAs to deliver Lumma Stealer. Lumma is a malware that works in the malware-as-a-service (MaaS) model and has existed since at least 2022. The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world.

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising. The threat actors are using compromised Google Ads accounts to run ads that impersonate Google, leading victims to a fake Google login page designed to steal their credentials.

FunkSec ransomware threatens victims globally, malvertising scam targets Google Ads users, and threat actors use fake software and installers to push malware.

The process of crafting new malware detection features is usually time-consuming and requires extensive domain knowledge outside the expertise of many machine learning practitioners. These factors make it especially difficult to keep up with a constantly evolving threat landscape. To mitigate these challenges, the CrowdStrike Data Science team explored the use of deep learning to automatically generate features for novel malware families.

We are excited to announce the integration of the CelesTLSH Malware Scanner into the LimaCharlie ecosystem. Developed by Magonia Research, CelesTLSH enhances your security operations by scanning files collected via the BinLib extension. It identifies known malware and threat actor tools through advanced fuzzy hashing techniques.