Threat Briefing: September 27, 2024

Ransomware continues to be a major concern in cybersecurity. A 2023 report from the Ransomware Task Force revealed that ransomware incidents affected over 6,500 victims globally, with cybercriminals heavily targeting U.S. organizations.  The threat extends worldwide, impacting more than 100 countries last year alone.

The solutions provided by technology and cybersecurity companies play a crucial role in helping organizations protect against these attacks. This week, two leading companies, which have faced product issues in recent months, announced changes to enhance security and customer experience.

• Ransomware Attacks Identified in 117 Countries in 2023 – According to a report from the Ransomware Task Force, over 6,500 victims were affected globally in 2023, representing a 73% increase in ransomware attacks compared to 2022. These attacks were carried out by 66 different ransomware groups, with LockBit and AlphV being the most active. The frequency of ransomware attacks peaked in June and July, while regions in South Asia and South America experienced a notable rise in activity throughout the year. The Record
• Microsoft Announces New Executives and Cybersecurity Governance Council to Support Secure Future Initiative – As part of its ongoing efforts to strengthen security, Microsoft has appointed new Deputy CISOs for key areas such as Azure, AI, and Threat Landscape. These leaders will meet regularly to assess the progress of the Secure Future Initiative and drive technical improvements across the company, reinforcing Microsoft’s commitment to enhancing cybersecurity. Security Week
• RomCom Malware Launches New “SnipBot” for Espionage – First detected in December, SnipBot is an updated version of RomCom 3.0, a remote access trojan (RAT). RomCom has been previously used in cyber-espionage campaigns targeting the Ukrainian government and its supporters, and for deploying ransomware. The SnipBot variant has been spread through phishing emails containing malicious PDF attachments, continuing the malware’s role in espionage activities. Dark Reading
• CrowdStrike Enhances Update Testing and Deployment Process After Summer Setbacks – Following issues with the deployment of Rapid Response Content in July 2024, CrowdStrike is refining its approach by implementing a gradual rollout for future updates. The company is also improving its testing procedures to prevent similar issues and is working to provide customers with greater control over configuration updates, ensuring a smoother and more reliable update experience. Security Week
• G7 Cyber Expert Group Urges Financial Institutions to Address Quantum Computing Risks – The group emphasized the importance of preparing for the potential threats posed by quantum computing. One major concern is the “harvest now, decrypt later” strategy, where cyber actors steal encrypted financial data now with plans to decrypt it once quantum computing becomes more accessible. The G7 group recommends that financial institutions transition to quantum-resistant technologies and thoroughly understand the cryptographic methods they are using to mitigate future risks. The Record