<ciso brief />

All news with #threat report tag

497 articles · page 20 of 25

North Korean Hackers Target European Defense Firms

🛡️ European defense and aerospace firms are being targeted in a renewed Operation Dream Job campaign attributed to North Korean-linked Lazarus actors, ESET reports. Active since March 2025, attackers use social-engineering job lures and trojanized documents to deploy ScoringMathTea and MISTPEN-like downloaders such as BinMergeLoader that abuse Microsoft Graph API. The goal is theft of proprietary UAV manufacturing know‑how and related intellectual property.

Vietnam Actors Use Fake Job Postings to Hijack Ad Accounts

🔎 GTIG describes a targeted campaign by a Vietnam-based cluster tracked as UNC6229 that uses fake job postings on legitimate platforms to socially engineer remote digital advertising workers. Victims are enticed to open password-protected attachments or visit convincing phishing portals that harvest corporate credentials and can bypass MFA. The actors abuse reputable CRM and SaaS services to increase trust, deliver remote access trojans, and ultimately take over high-value advertising and social media accounts for sale or resale.

Lazarus Group's Operation DreamJob Hits EU Drone Firms

🛡️ ESET attributes a March 2025 wave of cyber-espionage against three European defense firms to the North Korea-aligned Lazarus Group, describing it as a renewed phase of Operation DreamJob. Targets tied to UAV development were lured with convincing fake job offers that delivered trojanized PDF readers and chained loaders. The primary payload, ScoringMathTea, is a remote access Trojan that provides attackers full control, and researchers found malicious components disguised as legitimate open-source tools.

Microsoft Blocks Ransomware Campaign Targeting Teams Users

🛡️ Microsoft said it disrupted a ransomware campaign that used fake Teams installers to deliver a backdoor and prepare for encryption operations. Attackers lured victims with impersonated MSTeamsSetup.exe files hosted on malicious domains, which installed a loader and a fraudulently signed Oyster backdoor. The group identified as Vanilla Tempest intended to follow with Rhysida ransomware. Microsoft revoked over 200 fraudulent code-signing certificates and says a fully enabled Defender Antivirus will block the threat.

Lazarus Operation DreamJob Targets European Defense

🔍 North Korean-linked Lazarus actors ran an Operation DreamJob campaign in late March that targeted three European defense companies involved in UAV technology. Using fake recruitment lures, victims were tricked into installing trojanized open-source applications and plugins which loaded malicious payloads via DLL sideloading. Final-stage malware included the ScoringMathTea RAT, while an alternate chain used the BinMergeLoader (MISTPEN) to abuse Microsoft Graph API tokens. ESET published extensive IoCs to aid detection.

Ransomware Payouts Rise to $3.6M as Tactics Evolve

🔒 The average ransomware payment climbed to $3.6m in 2025, up from $2.5m in 2024, as attackers shift to fewer but more lucrative, targeted campaigns. ExtraHop's Global Threat Landscape Report found 70% of affected organisations paid ransoms, with healthcare and government incidents averaging nearly $7.5m each. The study highlights expanding risks from public cloud, third‑party integrations and generative AI, and urges organisations to map their attack surface, monitor internal traffic for lateral movement and prepare for AI‑enabled tactics.

AI-Enabled Ransomware: CISOs’ Top Security Concern

🛡️ CrowdStrike’s 2025 ransomware survey finds that AI is compressing attacker timelines and enhancing phishing, malware creation, and social engineering, forcing defenders to react in minutes rather than hours. 78% of respondents reported a ransomware incident in the past year, yet fewer than 25% recovered within 24 hours and paying victims often faced repeat compromise and data theft. CISOs rank AI-enabled ransomware as their top AI-related security concern, and many organizations are accelerating adoption of AI detection, automated response, and improved training.

Ransomware Reality: High Confidence, Low Preparedness

⚠️ The CrowdStrike State of Ransomware Survey reveals a sizable gap between organizational confidence and actual ransomware readiness. Half of 1,100 security leaders say they are "very well prepared," yet 78% were attacked in the past year and fewer than 25% recovered within 24 hours. The report warns that AI-accelerated attacks deepen this gap and recommends AI-native detection and response such as Falcon to regain the advantage.

Scattered LAPSUS$ Hunters: Recent Activity and Risks

🚨 Unit 42 observed renewed activity from Scattered LAPSUS$ Hunters in early October 2025, including leaked data claims, a defaced clearnet leak site, and announcements of an extortion-as-a-service offering. The actors set a self-imposed ransom deadline of Oct. 10, 2025 and claimed to have released data allegedly from six victim companies across aviation, energy and retail. Unit 42 recommends organizations prepare EaaS incident playbooks and engage third-party responders.

Inside the attack chain: Azure Blob Storage threats

🔐 Microsoft Threat Intelligence analyzes how attackers target Azure Blob Storage across the full attack chain, emphasizing risks from exposed containers, compromised keys and SAS tokens, and abuse of automation such as Event Grid and Azure Functions. The blog maps these behaviors to the MITRE ATT&CK framework and illustrates tactics including data poisoning, covert C2 via metadata, and replication-based distribution. Microsoft recommends applying zero trust principles, enforcing least privilege with Microsoft Entra RBAC/ABAC, and enabling Defender for Storage with malware scanning, CSPM, and sensitive data discovery to detect, contain, and remediate storage-focused threats.

Cybersecurity Awareness Month 2025: Ransomware Resilience

🔒 ESET's Cybersecurity Awareness Month 2025 video, presented by Chief Security Evangelist Tony Anscombe, explains why ransomware continues to threaten organizations large and small. Citing Verizon's 2025 DBIR and a Coalition Inc. study, it notes that 44% of breaches involved ransomware and 40% of insured victims paid ransoms. The video outlines common intrusion vectors and practical steps — backups, patching, access controls and training — organizations should take to improve resilience.

AI-Driven Social Engineering Tops ISACA Threats for 2026

⚠️ A new ISACA report identifies AI-driven social engineering as the top cyber threat for 2026, cited by 63% of nearly 3,000 IT and security professionals. The 2026 Tech Trends and Priorities report, published 20 October 2025, shows AI concerns outpacing ransomware (54%) and supply chain attacks (35%), while only 13% of organizations feel very prepared to manage generative AI risks. ISACA urges organizations to adopt AI governance, strengthen compliance amid divergent US and EU approaches, and invest in talent, resilience and legacy modernization.

Weekly Recap: F5 Breach, Linux Rootkits, and Trends

🔒 This weekly recap highlights long-lived, stealthy intrusions and emerging tactics that are reshaping defender priorities. Chief among them, F5 disclosed a year-long breach involving the BRICKSTORM malware and stolen BIG-IP source material, while researchers uncovered new Linux rootkits such as LinkPro and campaigns abusing blockchain smart contracts for malware delivery. The report urges inventorying edge devices, prioritizing patches, and improving detection, baselining, and intelligence sharing.

2025 APJ eCrime Landscape: Emerging Threat Trends and Risks

🔒 The CrowdStrike 2025 APJ eCrime Landscape Report outlines a rapidly evolving criminal ecosystem across Asia Pacific and Japan, driven by regional marketplaces and increasingly automated ransomware. The report highlights active Chinese-language underground markets (Chang’an, FreeCity, Huione Guarantee) and the rise of AI-developed ransomware, with 763 APJ victims named on ransomware and dedicated leak sites between January 2024 and April 2025. It profiles local eCrime groups (the SPIDER cluster) and service providers such as Magical Cat and CDNCLOUD, and concludes with prioritized defenses for identity, cloud, and social-engineering resilience.

Microsoft Digital Defense Report 2025: Threat Trends

🔒 Microsoft's 2025 Digital Defense Report finds that most attacks aim to steal data for profit, with extortion and ransomware responsible for over 52% of incidents while espionage accounts for only about 4%. Covering July 2024–June 2025, the report highlights rising use of AI, automation, and off‑the‑shelf tools that enable scalable phishing, malware, and identity theft. Microsoft urges adoption of phishing‑resistant MFA, AI‑driven defenses, and strengthened cross‑sector collaboration to protect critical public services and build resilience.

Microsoft: 100 Trillion Signals Daily as AI Fuels Risk

🛡️ The Microsoft Digital Defense Report 2025 reveals Microsoft systems analyze more than 100 trillion security signals every day and warns that AI now underpins both defense and attack. The report describes adversaries using generative AI to automate phishing, scale social engineering and discover vulnerabilities faster, while autonomous malware adapts tactics in real time. Identity compromise is the leading vector—phishing and social engineering caused 28% of breaches—and although MFA blocks over 99% of unauthorized access attempts, adoption remains uneven. Microsoft urges board-level attention, phishing-resistant MFA, cloud workload mapping and monitoring, intelligence sharing and immediate AI and quantum risk planning.

2025 Insider Risk Report: Hidden Costs of Everyday Actions

🔍 The 2025 Insider Risk Report finds insider-driven data loss is widespread and costly, with 77% of organizations affected and many incidents stemming from human error or compromised accounts rather than malice. It warns that traditional DLP often lacks behavioral context and visibility across endpoints, SaaS, and GenAI. The report urges adoption of behavior-aware, AI-ready platforms and five practical practices to reduce false positives and prevent data loss.

Microsoft Tops Brand Phishing Impersonations in Q3 2025

🔍 Cyber criminals continue to favor familiar brands, with Microsoft used in 40% of all brand impersonation attempts in Q3 2025, according to Check Point Research’s Brand Phishing Report. Google represented 9% and Apple 6%, and together these tech giants comprised more than half of brand-related phishing activity. The findings highlight persistent targeting of the technology sector and underscore the need for stronger defenses and user awareness.

Majority in Germany Sees Threat from Hybrid Attacks

⚠️ A YouGov survey commissioned by the digital policy briefing Digitalwende for Süddeutsche Zeitung Dossier reports that 61% of more than 2,000 respondents view the threat from hybrid attacks as strong or very strong. The poll describes hybrid attacks as combinations of cyber operations, military actions and disinformation aimed at destabilizing societies. Perceived risk differs by party: Greens (72%), Union (71%), SPD (67%) and AfD (49%).

US Q3 Report: Over 23 Million Data Breach Victims This Year

📊 The Identity Theft Resource Center (ITRC)'s Q3 2025 analysis found 835 publicly reported corporate data compromises in the United States, resulting in approximately 23 million victim notifications. That follows 1,732 incidents in H1 2025 and brings the year-to-date total to nearly 202 million victims. The report attributes 83% of breaches to cyber-attacks, highlights a rise in physical attacks, and criticizes the increasing frequency of notices that omit details about the cause. Major victims this quarter included Anne Arundel Dermatology, DaVita, TransUnion and several large healthcare providers.