All news in category “Threat and Trends Reports”

🔒 The CrowdStrike 2025 APJ eCrime Landscape Report outlines a rapidly evolving criminal ecosystem across Asia Pacific and Japan, driven by regional marketplaces and increasingly automated ransomware. The report highlights active Chinese-language underground markets (Chang’an, FreeCity, Huione Guarantee) and the rise of AI-developed ransomware, with 763 APJ victims named on ransomware and dedicated leak sites between January 2024 and April 2025. It profiles local eCrime groups (the SPIDER cluster) and service providers such as Magical Cat and CDNCLOUD, and concludes with prioritized defenses for identity, cloud, and social-engineering resilience.

🛡️ Google Threat Intelligence Group (GTIG) reports that North Korean-linked UNC5342 is using a method called EtherHiding to deliver malware and facilitate cryptocurrency theft by embedding encrypted payloads in smart contracts on Ethereum and BNB Smart Chain. The technique turns immutable contracts into resilient, hard-to-takedown command-and-control infrastructure. Initial lures include fake recruiter messages, poisoned npm packages and malicious GitHub repositories; a JavaScript downloader named JADESNOW fetches and decrypts subsequent backdoors such as INVISIBLEFERRET.

🔍 FortiGuard Labs observed a January 2025 campaign that began with Winos 4.0 infections in Taiwan and evolved into a cross‑regional HoldingHands operation affecting China, Taiwan, Japan, and Malaysia. The actor uses phishing PDFs, cloud-hosted and bespoke domains, and multi-stage loaders that leverage Windows Task Scheduler to evade detection. Shared infrastructure, reused code (including digital signatures and debug paths), and repeated JavaScript download scripts link disparate samples, and Fortinet provides detections, IOCs, and mitigation guidance.

🔍 Hidden blocks of links embedded on corporate websites can quietly erode search rankings and damage reputation by pointing to dubious domains such as pornography or gambling. Invisible to users but parsed by search engines and security tools, these links divert link equity and often trigger algorithmic penalties. Attackers inject them via compromised admin credentials, vulnerable CMS components, infected templates, or breached hosting. Regular updates, strict access controls, routine audits, backups, and mandatory 2FA help prevent and limit impact.

⚠️Researchers used a commercial off-the-shelf satellite dish to perform the most comprehensive public study yet of geostationary satellite communications. They discovered a shockingly large volume of sensitive traffic—critical infrastructure telemetry, internal corporate and government communications, private voice calls and SMS, and consumer Internet streams such as in-flight Wi‑Fi—being broadcast unencrypted. Much of this data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware, and a single transponder's footprint may cover up to 40% of the Earth's surface.

🔐 Enterprises acknowledge that quantum computing threatens current public-key cryptography, yet progress toward post-quantum cryptography (PQC) is uneven and slow. A PwC report finds fewer than 10% prioritize PQC in budgets, only 3% have fully implemented leading measures, 29% are piloting, and 49% have not started. Financial services, government, telecom and cloud are moving faster, while manufacturing, healthcare and industrial sectors lag due to legacy systems, skills shortages, and standards uncertainty. Experts advise inventories, pilot programs, crypto agility, and investment before the 2030 deprecation deadline to avoid 'harvest now, decrypt later' risks.

🔒 Infostealers are fuelling today’s ransomware wave and the resulting stealer logs are widely available on the dark web, sometimes for as little as $10. At ISACA Europe 2025, Tony Gee of 3B Data Security urged security teams to adopt targeted technical controls in addition to baseline measures like zero trust and network segmentation. He recommended six practical defenses — including regular password rotation, FIDO2-enabled MFA, forced authentication, shorter session tokens, cookie replay detection and impossible-travel monitoring — to reduce the usefulness of stolen credentials and session data.

🔒 The Microsoft Digital Defense Report 2025 finds Germany was the most targeted EU country in the first half of 2025, receiving 3.3% of global cyberattacks. Attackers are driven more by profit than espionage, with ransomware used in 52% of incidents and pure espionage accounting for 4%. The report highlights threats linked to Russia, China, North Korea and Iran and recommends MFA—which can block 99.9% of credential-based attacks.

🔒 The CISO role has evolved from a primarily technical post into a broad enterprise leadership responsibility. Foundry’s 2025 Security Priorities Study shows many security leaders now brief boards multiple times a month and oversee areas beyond cybersecurity, including risk, compliance, privacy, and AI oversight. This shift requires stronger strategic communication and executive influence in addition to operational expertise.

🔒 Microsoft's 2025 Digital Defense Report finds that most attacks aim to steal data for profit, with extortion and ransomware responsible for over 52% of incidents while espionage accounts for only about 4%. Covering July 2024–June 2025, the report highlights rising use of AI, automation, and off‑the‑shelf tools that enable scalable phishing, malware, and identity theft. Microsoft urges adoption of phishing‑resistant MFA, AI‑driven defenses, and strengthened cross‑sector collaboration to protect critical public services and build resilience.

🛡️ The Microsoft Digital Defense Report 2025 reveals Microsoft systems analyze more than 100 trillion security signals every day and warns that AI now underpins both defense and attack. The report describes adversaries using generative AI to automate phishing, scale social engineering and discover vulnerabilities faster, while autonomous malware adapts tactics in real time. Identity compromise is the leading vector—phishing and social engineering caused 28% of breaches—and although MFA blocks over 99% of unauthorized access attempts, adoption remains uneven. Microsoft urges board-level attention, phishing-resistant MFA, cloud workload mapping and monitoring, intelligence sharing and immediate AI and quantum risk planning.

🔐 Since late 2023, Mandiant and the Google Threat Intelligence Group tracked UNC5142, a financially motivated cluster that compromises vulnerable WordPress sites to distribute information stealers. The actor's CLEARSHORT JavaScript loader uses Web3 to query smart contracts on the BNB Smart Chain that store ABIs, encrypted landing pages, AES keys, and payload pointers. By employing a three-contract Router-Logic-Storage design and abusing legitimate hosting (Cloudflare Pages, GitHub, MediaFire), operators can rotate lures and update payload references on-chain without changing injected scripts, enabling resilient, low-cost campaigns that GTIG found on ~14,000 injected pages by June 2025 and which showed no on-chain updates after July 23, 2025.

🔍 The 2025 Insider Risk Report finds insider-driven data loss is widespread and costly, with 77% of organizations affected and many incidents stemming from human error or compromised accounts rather than malice. It warns that traditional DLP often lacks behavioral context and visibility across endpoints, SaaS, and GenAI. The report urges adoption of behavior-aware, AI-ready platforms and five practical practices to reduce false positives and prevent data loss.

🔍 Cyber criminals continue to favor familiar brands, with Microsoft used in 40% of all brand impersonation attempts in Q3 2025, according to Check Point Research’s Brand Phishing Report. Google represented 9% and Apple 6%, and together these tech giants comprised more than half of brand-related phishing activity. The findings highlight persistent targeting of the technology sector and underscore the need for stronger defenses and user awareness.

⚠️ A YouGov survey commissioned by the digital policy briefing Digitalwende for Süddeutsche Zeitung Dossier reports that 61% of more than 2,000 respondents view the threat from hybrid attacks as strong or very strong. The poll describes hybrid attacks as combinations of cyber operations, military actions and disinformation aimed at destabilizing societies. Perceived risk differs by party: Greens (72%), Union (71%), SPD (67%) and AfD (49%).

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.

🪙Cryptocurrency ATMs are being used as vectors for fraud and exploitation, with operators charging steep, often opaque fees that compound victims’ losses. Scammers frequently direct victims to ATMs to purchase crypto on their behalf, effectively outsourcing the money transfer while the ATM companies continue to profit. At best, operators appear indifferent to the harm caused; regulators and industry participants need clearer accountability and consumer protections to address these systemic issues.

🔍 Talos uncovered a campaign linked to the DPRK-aligned cluster Famous Chollima that used a trojanized Node.js package and a malicious VS Code extension to deliver merged BeaverTail and OtterCookie tooling. The combined JavaScript payloads include a newly observed keylogger and screenshot module alongside clipboard theft, targeted file exfiltration, remote shell access, and cryptocurrency extension stealing. Indicators, C2 addresses, Snort/ClamAV detections, and mitigation guidance are provided.

🔔 This week’s ThreatsDay bulletin highlights a historic U.S. DOJ seizure of roughly $15 billion in cryptocurrency linked to an alleged transnational fraud network, alongside active commodity malware, phishing-as-a-service, and novel abuses of legitimate tools. Notable incidents include the Brazil-distributed Maverick banking trojan spread via a WhatsApp worm, consumer-grade interception of geostationary satellite traffic, and UEFI BombShell flaws enabling bootkit persistence. Priorities: identity resilience, patching, and monitoring of remote-access and cloud services.

🛡️ Minecraft mods can enhance gameplay but also serve as vectors for malware. This article explains how threat actors disguise Trojans, infostealers, ransomware and cryptominers as mods or cheat tools and distribute them via GitHub, mod repositories and forums. It outlines practical precautions — sourcing mods from trusted repositories, checking developer reputation and file types, using non-admin accounts, backups and security software — and steps to take if a mod is suspected malicious.