Monthly Threat Report July 2024: Snowflake(s) in July
Vade
—July 12, 2024
—1 min read

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of June 2024.
Executive Summary
- The Hornetsecurity Monthly Threat Report format is changing. See section below executive summary for more details.
- The amount of low-effort / high-volume email attacks increased for the month of June while other more targeted attacks decreased.
- Malicious HTML files were the top-used file type for the deliver of malicious payloads throughout the month. This was partially driven by a new “Pastejacking” campaign we observed sometime in June.
- The mining, entertainment, and manufacturing industries were the most targeted industries throughout the last month.
- Brand impersonations for the month are down with the most impersonated brands for the month being FedEx, Facebook, and DHL.
- The Cryptocurrency Wallet service MetaMask had a small campaign specifically targeting MetaMask users with brand impersonation attempts.
- Customers of Cloud Data Storage provider Snowflake have actively been targeted by threat actors in a campaign that has breached an estimated 165 organizations. It appears that Snowflake itself has not been breached in these cases.
- Change healthcare has finally announced news of what type of information was leaked as part of a significant ransomware attack earlier this year. The amount of leaked data is significant.
- Kaspersky has been banned by US federal authorities from conducting business in the country. After 20 July 2024, the sale of Kaspersky software in the US is not allowed
- The FBI has come into possession of a number of Lockbit decrypt keys. If your organization has been impacted by Lockbit and you’ve yet to gain access to your data, please see the below section on this topic.