-
SteelFox Trojan imitates popular products to drop stealer and miner malware
- November 6, 2024
- Posted by: chuckb
- Category: Securelist
In August 2024, we uncovered “SteelFox,” a new crimeware bundle that spreads through torrent trackers and imitates software like AutoCAD. Utilizing advanced techniques like shellcoding and abuse of drivers, it steals credit card data, posing a significant threat.
-
Cyberthreats in the Middle East H1 2024
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
The Kaspersky Digital Footprint Intelligence team analyzed dark web threats targeting businesses and governments in the Middle East in H1 2024. The report identifies severe threats like hacktivism, ransomware gangs, and data breaches that jeopardize operational integrity.
-
SideWinder APT’s post-exploitation framework analysis
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
-
Kernel shellcode persistence technique in APT attacks and SAS CTF challenge
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
-
Analyzing the familiar tools used by the Crypt Ghouls hacktivists
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
In December, a new ransomware group targeting Russian entities was identified, named “Crypt Ghouls”. The group linked its campaign to existing threats, utilizing tools like Mimikatz and LockBit 3.0. They gained access via compromised contractor credentials over a VPN, showcasing evolving tactics.
-
Stealers on the rise: Kral, AMOS, Vidar and ACR
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
In 2023, nearly 10 million devices were targeted by information stealers, tools used for credential theft and cyberattacks. The Kral and AMOS stealers, identified this year, exploit phishing tactics and disguise themselves to collect sensitive data, emphasizing ongoing threats.
-
Grandoreiro banking trojan: overview of recent versions and new tricks
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
Grandoreiro, a notorious Brazilian banking trojan, has been active since 2016, targeting 1,700 banks and 276 crypto wallets across 45 countries in 2024. Despite law enforcement arrests, its operators continue to innovate, evading detection and expanding tactics, including mouse movement tracking to bypass anti-fraud solutions.
-
Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
-
Malicious CAPTCHA delivers Lumma and Amadey Trojans
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
Cybercriminals are using fake CAPTCHAs to distribute malware like the Lumma stealer and Amadey Trojan, targeting gamers initially via cracked game sites. This malicious CAPTCHA spreads across diverse platforms, tricking users into executing harmful scripts.
-
Compromise assessment in cybersecurity: real-world cases
- November 4, 2024
- Posted by: chuckb
- Category: Securelist
Organizations often use layered defenses, yet breaches can go unnoticed. Compromise assessments aim to reduce risks by detecting active cyberattacks and past intrusions through endpoint scanning, log analysis, and initial incident responses, thereby strengthening security.