CyberSecurity news

FlagThis - #threatintelligence

@blog.checkpoint.com //
Ransomware attacks have surged in 2025, evolving into more sophisticated and dangerous threats than ever before. What started as simple file-encryption schemes has morphed into full-blown extortion ecosystems: modern attacks now combine data exfiltration, public shaming of victims, and even DDoS attacks, a significant escalation in cybercriminal tactics. According to Check Point Research, the first quarter of 2025 saw a record-breaking 2,289 victims published on data leak sites, a 126% year-over-year increase that reflects both the growing volume of the threat and the evolving tactics employed by attackers.

The rise of Ransomware-as-a-Service (RaaS) has also expanded the threat landscape considerably. Check Point's 2024 Annual Ransomware Report revealed that 46 new ransomware groups emerged in that year alone, a 48% increase compared to the previous year. These groups offer ready-made ransomware kits, lowering the barrier to entry and enabling a wider range of actors to launch attacks. Experts are particularly concerned about "triple extortion" models, which combine DDoS attacks, public leak threats, and direct harassment of customers or partners to pressure victims into paying.

In addition to the increasing sophistication of ransomware itself, cybercriminals are abusing legitimate tools to blend in with compromised environments. The Cactus ransomware gang, for example, has been known to direct victims to initiate Microsoft Quick Assist remote access sessions, even assisting them with the installation of the program. With Anti-Ransomware Day falling on May 12, organizations are urged to prioritize proactive defenses, incident response planning, and employee awareness training to mitigate the growing risk of ransomware attacks in 2025 and beyond.

References:
  • Check Point Blog: Ransomware Reloaded: Why 2025 Is the Most Dangerous Year Yet
  • www.kaspersky.com: The ransomware landscape in 2025 | Kaspersky official blog
  • Press Releases: KnowBe4 Predicts Agentic AI Ransomware Is Imminent on International Anti-Ransomware Day
@cloud.google.com //
Google's Threat Intelligence Group (GTIG) has released its annual review of zero-day exploits, revealing a concerning shift towards enterprise-targeted attacks in 2024. The report highlights a persistent rise in zero-day exploitation, with 75 vulnerabilities actively exploited in the wild. While this number is a decrease from the 98 exploits observed in 2023, it remains higher than the 63 recorded in 2022, indicating that the longer-term trend is still upward. GTIG's analysis divides these vulnerabilities into two main categories: end-user platforms and products, and enterprise-focused technologies such as security software and appliances.

Of the 75 zero-day exploits tracked in 2024, 44% targeted enterprise products. This reflects a strategic shift by attackers, who increasingly recognize the value of compromising systems that house sensitive data. In contrast, exploitation of browsers and mobile devices decreased, falling by roughly a third and roughly half, respectively. The move towards enterprise technologies suggests that attackers are focusing on more lucrative targets with greater potential rewards. The GTIG report also notes that exploit chains made up of multiple zero-day vulnerabilities continue to be used almost exclusively against mobile devices.

Government-backed hackers and commercial surveillance vendors (CSVs) are the primary actors behind many of these exploits. The GTIG report indicates that governments such as China and North Korea, along with spyware makers, accounted for the most recorded zero-days in 2024. Specifically, at least 23 zero-day exploits were linked to government-backed hackers, with 10 directly attributed to governments, including five linked to China and five to North Korea. Additionally, spyware makers and surveillance enablers were responsible for eight exploits, suggesting that the industry will continue to grow as long as government customers continue to request and pay for these services.

References:
  • Threat Intelligence: Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
  • securityaffairs.com: Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group's latest analysis
  • techcrunch.com: Governments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024
  • The Hacker News: Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
  • CyberInsider: The Google Threat Intelligence Group (GTIG) has published its annual review of zero-day exploits for 2024, revealing a gradual but persistent rise in zero-day exploitation and a concerning shift towards enterprise-targeted attacks
  • The Register - Security: Enterprise tech dominates zero-day exploits with no signs of slowdown
  • cyberinsider.com: Google Logs 75 Zero-Days in 2024, Enterprise Attacks at All-Time High
  • securityonline.info: Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
  • BleepingComputer: Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks
  • www.techradar.com: Of all the zero-days abused in 2024, the majority were used in state-sponsored attacks by China and North Korea
  • thecyberexpress.com: Google's Threat Intelligence Group (GTIG) released its annual analysis of zero-day exploitation, detailing how 2024 saw attackers increasingly target enterprise software and infrastructure over traditional consumer platforms like browsers and mobile devices
  • cloud.google.com: Threat actors exploited 75 zero-days last year, with 33 of those targeting enterprise products
  • socradar.io: Google's 2024 Zero-Day Report: Key Trends, Targets, and Exploits
  • Security Risk Advisors: Zero-Day Exploitation Continues to Grow with Shifting Focus Toward Enterprise Security Products
Dhara Shrivastava@cysecurity.news //
February witnessed a record-breaking surge in ransomware attacks, fueled by the prolific activity of groups like CL0P, known for exploiting managed file transfer (MFT) vulnerabilities. The ransomware landscape is also seeing significant activity from groups like Akira and RansomHub.

Recent analysis reveals a notable development involving the Black Basta and CACTUS ransomware groups: the two share a BackConnect module. This module, internally tracked as QBACKCONNECT, provides extensive remote control capabilities, including executing commands and exfiltrating sensitive data. Separately, the Qilin ransomware group has claimed responsibility for attacks on the Utsunomiya Central Clinic (UCC), a cancer treatment center in Japan, and Rockhill Women's Care, a gynecology facility in Kansas City, stealing and leaking sensitive patient data.

References:
  • cyble.com: February Sees Record-Breaking Ransomware Attacks, New Data Shows
  • The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
  • iHLS: Ransomware Group Targets Cancer Clinic, Exposes Sensitive Health Data
  • securityaffairs.com: Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024
  • thecyberexpress.com: Ransomware attacks set a single-month record in February that was well above previous highs
  • The DefendOps Diaries: Akira Ransomware: Unsecured Webcams and IoT Vulnerabilities
  • blog.knowbe4.com: A new report from Arctic Wolf has found that 96% of attacks now involve data theft as criminals seek to force victims to pay up
  • DataBreaches.Net: The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim's network