
News brief: Cyberattack trends signal security arms race
Check out the latest security news from the Informa TechTarget team.
Generic spray-and-pray phishing attacks, such as the Nigerian prince scams that were fairly easy to identify, have rapidly evolved into targeted, convincing business email compromise attacks.
Ransomware has advanced from locker strains that prevented users from accessing their systems -- something remedied by backups -- to triple extortion ransomware attacks that lock devices, encrypt data, extort data and even conduct DDoS attacks.
These are just two examples of how the cat-and-mouse game between malicious hackers and enterprise security defenders has changed over the years. As soon as enterprises deploy new defenses, attackers find ways to circumvent them. Then defenders figure out how to remedy those, after which attackers learn to overcome the new defenses -- and the vicious cycle repeats endlessly.
This week's featured articles explore how cyberattack trends have evolved to stay relevant.
Scattered Spider evolves attack methods against major industries
Microsoft reported that cybercrime group Scattered Spider has implemented new attack techniques targeting the airline, insurance and retail industries since April.
While continuing its trademark social engineering tactics of impersonating users to request password resets, Scattered Spider has expanded to abusing SMS services and employing adversary-in-the-middle approaches.
The group has also reversed its cloud-first strategy, now breaching on-premises environments before moving to cloud access.
Updated malware loader enables sophisticated ransomware attacks
Cybercriminals are deploying Matanbuchus 3.0, a premium malware loader priced at $10,000 to $15,000 per month, to facilitate high-value ransomware attacks.
The completely rewritten loader features advanced detection evasion, persistence mechanisms and security tool identification capabilities. In campaigns dating back to September 2024, attackers have impersonated IT help desk personnel over Microsoft Teams calls, convinced employees to grant remote access and execute malicious scripts, and deployed ransomware.
The loader performs reconnaissance specifically to identify endpoint detection and response (EDR) and extended detection and response (XDR) products from major security vendors, and it employs stealthy in-memory operations.
AsyncRAT: Open source malware that democratizes cybercrime
AsyncRAT, an open source remote access Trojan released on GitHub in 2019, has evolved into a cornerstone of modern cybercrime by spawning numerous variants.
ESET research revealed that AsyncRAT's C# codebase has created both sophisticated threats such as DCRAT and VenomRAT -- which feature advanced capabilities including ransomware modules and anti-analysis techniques -- and novelty variants such as NonEuclid RAT, which includes a plugin with five built-in jump scare images.
Primarily used by lone threat actors attracted by its low barrier to entry, AsyncRAT persists because platforms hosting its code often avoid takedowns by branding as legitimate tools.
Read the full story by Jai Vijayan on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.