Major Incidents or Breaches

  • Optima Tax Relief, a U.S. tax resolution firm, suffered a Chaos ransomware attack, resulting in the leakage of stolen data.
  • Kettering Health, a healthcare provider managing 14 medical centers in Ohio, confirmed that a May cyberattack was carried out by the Interlock ransomware group and involved data exfiltration.
  • Ukrainian critical infrastructure was targeted in a disruptive attack using PathWiper, a new and previously unseen data wiper malware.
  • 86 million AT&T customer records, including names, dates of birth, phone numbers, email addresses, street addresses, and Social Security numbers, are reportedly being sold on the dark web.

Newly Discovered Vulnerabilities

  • A critical vulnerability, CVE-2024-3721, affecting TBK DVR devices is being actively exploited by a new Mirai botnet variant.
  • Two critical Fortinet vulnerabilities, enabling authentication bypass and remote code execution, are now being exploited by the Qilin ransomware operation.

Notable Threat Actor Activity

  • The Qilin ransomware group is actively exploiting Fortinet vulnerabilities in ongoing attacks.
  • The Interlock ransomware group was responsible for the Kettering Health breach.
  • A new Mirai botnet variant is targeting TBK DVR devices via CVE-2024-3721.
  • The BADBOX 2.0 botnet continues to target home networks and connected Android devices, despite partial disruption earlier this year.
  • Cybercriminals are increasingly leveraging residential proxy services to disguise malicious web traffic as legitimate user activity.
  • A new campaign deploying Atomic macOS Stealer malware is exploiting “ClickFix” social engineering tactics to target Apple users.
  • Multiple widespread phishing campaigns are utilizing ClickFix tactics to deliver malware to business targets.
  • Indian authorities, with support from Microsoft, dismantled two illegal call centers and arrested six individuals involved in a transnational tech support scam targeting Japanese users.

Trends, Tools, or Tactics of Interest

  • ClickFix social engineering tactics are gaining traction in phishing campaigns, enhancing the sophistication and success rate of malware delivery.
  • Use of residential proxy services by cybercriminals is growing, complicating detection and attribution of malicious web traffic.
  • Data wiper malware, such as PathWiper, is being deployed in targeted attacks against critical infrastructure, notably in Ukraine.
  • The ongoing exploitation of IoT and DVR devices by Mirai variants highlights continued targeting of networked hardware.
  • The FBI warns that the BADBOX 2.0 botnet remains active, targeting home networks through compromised Android devices.
  • Synthetic data is being adopted to support AI development and privacy compliance, but it introduces risks of re-identification and risks to model integrity.

Regulatory or Policy Developments Affecting the Security Industry

  • Microsoft and CrowdStrike have announced a joint initiative to standardize naming conventions for APT (Advanced Persistent Threat) groups, aiming to reduce confusion in threat intelligence reporting.
  • Law enforcement agencies from over a dozen countries conducted an international operation arresting 20 suspects involved in the production and distribution of child sexual abuse material.
  • F5 has acquired agentic AI security startup Fletch, with plans to integrate its technology into the F5 Application Delivery and Security Platform.