Monthly Threat Report July 2024: Snowflake(s) in July

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of June 2024.

Executive Summary

  • The Hornetsecurity Monthly Threat Report format is changing. See the section below the executive summary for more details.
  • The number of low-effort, high-volume email attacks increased in June, while other, more targeted attacks decreased.
  • Malicious HTML files were the top-used file type for the delivery of malicious payloads throughout the month. This was partially driven by a new “Pastejacking” campaign we observed sometime in June.
  • The mining, entertainment, and manufacturing industries were the most targeted industries throughout the last month.
  • Brand impersonations are down for the month, with the most impersonated brands being FedEx, Facebook, and DHL.
  • The cryptocurrency wallet service MetaMask was the subject of a small brand impersonation campaign specifically targeting MetaMask users.
  • Customers of cloud data storage provider Snowflake have been actively targeted by threat actors in a campaign that has breached an estimated 165 organizations. It appears that Snowflake itself has not been breached in these cases.
  • Change Healthcare has finally announced what type of information was leaked as part of a significant ransomware attack earlier this year. The amount of leaked data is significant.
  • Kaspersky has been banned by US federal authorities from conducting business in the country. After 20 July 2024, the sale of Kaspersky software in the US is not allowed.
  • The FBI has come into possession of a number of LockBit decryption keys. If your organization has been impacted by LockBit and you’ve yet to regain access to your data, please see the section on this topic below.

 
