Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights An international law enforcement operation, Operation Elicius, led by Europol, dismantled the Diskstation ransomware gang, responsible for crippling numerous companies in Lombardy by encrypting their systems. The gang targeted Synology Network-Attached Storage (NAS) devices globally since 2021, demanding ransom payments ranging from $10,000 to hundreds of thousands of dollars for decryption. Victims included various sectors, such as graphic and film production firms, suffering complete operational paralysis due to data encryption, and many reported incidents to law enforcement. The primary suspect, a 44-year-old Romanian, was arrested following investigations led by the Milan Prosecutor’s Office, which utilized forensic and blockchain…

Fast Facts Emergence of GLOBAL GROUP: A new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP has been identified, targeting multiple sectors across Australia, Brazil, Europe, and the U.S. since June 2025, and is believed to be a rebranding of the BlackLock RaaS. Operational Tactics: The group relies on initial access brokers to infiltrate corporate networks by exploiting vulnerable edge appliances and using brute-force methods, allowing affiliates to focus on delivering payloads rather than initial breaches. Advanced Features: GLOBAL GROUP offers an affiliate panel with AI-driven negotiation tools and customizable payloads, boasting an enticing 85% revenue-sharing model to attract affiliates, enhancing its…

Top Highlights Ransomware Recovery: Ingram Micro has restored global operations after a ransomware attack caused a multiday disruption to its services. Ongoing Support: The company is actively collaborating with customers and vendors to address the aftermath of the attack and provide necessary support. Attack Investigation: The cybercrime group SafePay claimed responsibility for the attack, which compromised Ingram Micro’s order processing capabilities. Continued Vigilance: Ingram Micro is working with law enforcement and forensic experts to assess the scope of the damage and ensure security measures moving forward. Resilience in the Face of Adversity Ingram Micro recently announced the restoration of its…

Fast Facts Event Focus: SecurityWeek’s Cloud & Data Summit on July 16, 2025, will address critical issues in cloud cybersecurity, particularly exposed attack surfaces and weaknesses in public cloud infrastructures, amid ongoing digital transformation efforts. Expert Insights: Renowned speakers will cover diverse topics such as integrating DevSecOps, protecting sensitive data, securing AI applications, and mitigating identity fraud—highlighting the evolving complexities of cloud security. Interactive Format: Attendees will experience a fully immersive virtual platform, enabling direct engagement with speakers, networking opportunities, and access to the latest security tools through interactive booths and demo zones. Target Audience: The summit is aimed at…

Summary Points Data Breach Disclosure: Pennsylvania-based Century Support Services revealed a significant data breach affecting over 160,000 individuals, linked to a cyberattack in November 2024. Personal Data Exposed: Investigations found that hackers potentially accessed sensitive personal information, including names, Social Security numbers, and financial details. Client Impact: The company, which has served nearly 300,000 clients, is notifying those affected and offering them 12 months of free identity theft protection and credit monitoring. No Claims from Ransomware Groups: As of now, no ransomware group has publicly claimed responsibility for the cyberattack on Century Support Services. The Core Issue In November 2024,…

Essential Insights Evolution of AsyncRAT: Since its GitHub release in January 2019, AsyncRAT has established itself as a foundational remote access trojan (RAT), spawning various sophisticated variants due to its open-source nature and modular architecture. Deployment and Impact: AsyncRAT is commonly distributed through phishing campaigns and bundled with loaders like GuLoader, with the potential to act as a staging tool for more severe payloads like ransomware, making early detection critical. Emergence of Variants: AsyncRAT has led to more advanced forks, such as DCRat and Venom RAT, featuring enhanced evasion techniques and extended capabilities like webcam access and credential theft, highlighting…

Summary Points Introduction of AADAPT: MITRE Corporation launched the Adversarial Actions in Digital Asset Payment Technologies (AADAPT), a cybersecurity framework aimed at addressing vulnerabilities in cryptocurrency and digital financial systems. Framework Design: AADAPT, modeled after the MITRE ATT&CK framework, provides a structured approach for developers, organizations, and policymakers to identify and mitigate risks related to digital asset payments. Research Foundation: The framework was developed using insights from over 150 sources on real-world threats, resulting in a comprehensive playbook of tactics, techniques, and procedures (TTPs) associated with cyberattacks on digital currencies. Focus on Security Enhancement: AADAPT aims to improve the cybersecurity…

Top Highlights Cyberattack on Belk: The DragonForce ransomware gang claimed responsibility for a significant cyberattack on US department store chain Belk, disrupting both online and physical operations since May 8. Data Compromise: Hackers accessed Belk’s network from May 7 to 11, exfiltrating sensitive documents, including names and Social Security numbers, jeopardizing customers’ personal information. Post-Attack Measures: In response, Belk has disconnected affected systems, reset passwords, and is offering impacted individuals 12 months of free credit monitoring and identity theft insurance up to $1 million. DragonForce Operations: The ransomware gang, operational since December 2023, claims to have exfiltrated 156 GB of…

Lateral movement is the X factor that transforms ransomware attacks from a mere nuisance to an enterprise-level incident. While once found only in high-end APT style operations, today lateral movement skills and techniques have been commoditized and are incorporated into over 80% of ransomware attacks. Why are these attacks still succeeding at large despite increasing investments in cybersecurity controls? The answer lies in the inherent blind spots found in practically every security stack, and the inability of endpoint and network security products to prevent malicious authentications in real time. Join us in this webinar to learn: How lateral movement…

Summary Points Emergence of FileFix: Hackers are now using the ‘FileFix’ technique in Interlock ransomware attacks, focusing on stealthy social engineering methods to deliver a remote access trojan (RAT), marking a shift from the previously utilized ClickFix approach. KongTuke Web Injector: Interlock ransomware has leveraged the KongTuke web injector to deliver payloads via compromised websites, prompting users to execute disguised PowerShell commands, leading to RAT installation. Post-Infection Activities: After execution, the RAT collects system and network data, performing tasks like Active Directory enumeration and lateral movement, aided by command and control (C2) commands from attackers. Noteworthy Victims: Since its launch…
