
Ransomware/Malware
What Is FunkSec?
FunkSec, a new and rapidly emerging ransomware group, has made a notable impact since its appearance in late 2024, surpassing established cybercrime groups like Cl0p in attack volume. Responsible for 103 attacks in December alone, FunkSec’s rise is partly attributed to its use of generative AI to create malware, despite the group's apparent lack of technical expertise. The group’s ransom demands are unusually low, sometimes as little as $10,000. Initially rooted in hacktivism, FunkSec now blends ideological motivations with financial extortion, targeting companies in the US, India, and Israel. Experts are concerned that AI’s role in ransomware development may lower the technical barrier for aspiring cybercriminals, contributing to an increasingly volatile threat landscape.
Malware Targeting Journalists Is Disrupted by Meta
Meta disrupted a malware campaign that used the Paragon spyware (also known as Graphite) to target journalists and civil society members through WhatsApp. The campaign, which affected 90 users, was dismantled in December 2024, with WhatsApp alerting the targets about possible device compromises. Paragon, an Israeli spyware vendor, was linked to the attack, which employed a "zero-click" exploit to infect devices without user interaction. WhatsApp sent a cease-and-desist letter to Paragon and is considering legal action. This marks the first public link between Paragon and a hacking campaign. WhatsApp also recently won a legal case against NSO Group for using WhatsApp to spread the Pegasus spyware, a ruling it hailed as a victory for privacy.
Ransomware Payments Drop in 2024
Ransomware payments dropped by 35% in 2024, with cybercriminals extorting approximately $813.5 million, a significant decline from $1.25 billion in 2023. This marks the first reduction in ransomware revenue since 2022, largely driven by increased law enforcement efforts, international cooperation, and victims' growing resistance to paying ransoms. The drop was especially noticeable in the second half of 2024, following a modest increase earlier in the year. Ransomware groups adapted to these setbacks by using faster extortion tactics and new strains. Even so, the trend of declining payments and shifting strategies among attackers continues, reflecting a growing gap between ransom demands and actual payments.
Phishing/Scams
Unique Method to Hide Malicious PDF Links
A new phishing scam targeting mobile devices uses a sophisticated method to hide malicious URLs inside PDF files, making them undetectable to security systems. The scam involves embedding links in a compressed stream within the PDF, where they appear invisible to both users and security software. The links, disguised as an image of a "Click Update" button, lead victims to a spoofed USPS page asking for personal and financial information. This technique bypasses traditional detection methods and exploits the trust users place in PDF files. The scam has been found in over 20 versions of malicious PDFs and 630 phishing sites, with international targeting. Experts warn that organizations must strengthen mobile and web messaging security to combat such threats.
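A defender-side check for the hiding technique described above, as an added example that is not from the original report: it inflates each compressed stream in a PDF and reports URLs that are absent from the raw file bytes. The sample document, the function names and the `example.invalid` URL are constructed for illustration.

```python
import re
import zlib

# Stream bodies sit between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"']+")

def inflate(data):
    """Best-effort zlib inflate; returns b'' for streams that are not Flate data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""

def hidden_urls(pdf_bytes):
    """Return URLs found only inside compressed streams, not in the raw file."""
    visible = set(URL_RE.findall(pdf_bytes))
    found = set()
    for match in STREAM_RE.finditer(pdf_bytes):
        found.update(URL_RE.findall(inflate(match.group(1))))
    return sorted(u.decode("ascii", "replace") for u in found - visible)

def build_sample():
    """Constructed sample: a PDF-like byte string, not a real phishing document."""
    text = b"BT /F1 12 Tf (Delivery notice) Tj ET"
    link = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 200 50] /Border [0 0 0] "
            b"/A << /S /URI /URI (https://tracking.example.invalid/update) >> >>")
    body = b"%PDF-1.7\n"
    for num, payload in ((1, text), (2, link)):
        packed = zlib.compress(payload)
        body += b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % (num, len(packed))
        body += packed + b"\nendstream\nendobj\n"
    # An uncompressed link action, which a plain byte scan already sees.
    body += b"3 0 obj\n<< /A << /S /URI /URI (https://www.example.org/help) >> >>\nendobj\n"
    return body + b"%%EOF\n"

if __name__ == "__main__":
    for url in hidden_urls(build_sample()):
        print("URL visible only after inflating a stream:", url)
```

The scanner covers Flate-compressed streams only; documents that use other filters or encryption need a full PDF parser before link extraction.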
Artificial Intelligence
AI-Driven Threats Use Cyber Gaps
A new study highlights the growing challenges businesses face in protecting against AI-powered cyberattacks. Despite recognizing the severity of the threat, organizations struggle with issues such as skill shortages, lack of AI-powered tools, and the complexity of managing advanced cybersecurity infrastructures. The study reveals that 19% of respondents globally and 23% in the META region report significant gaps in their cyber protection. Barriers like inadequate AI-related training, shortage of modern tools, and scarcity of qualified cybersecurity professionals leave businesses vulnerable to increasingly sophisticated threats. The consequences of failing to adapt include data leaks, loss of customer trust, financial losses, and reputational damage.
ECCC Aims to Address AI Challenges
The European Cybersecurity Competence Centre (ECCC) has outlined a draft work program for 2025-2027, which aims to address cybersecurity challenges through AI-based tools and post-quantum cryptography. The program, expected to mobilize €353 million, includes €127 million for the development of new technologies, with a focus on AI-driven cybersecurity tools for national authorities and support for small and medium-sized enterprises (SMEs). The ECCC also plans to invest €25 million in a European infrastructure for post-quantum cryptography testing, and €111 million for initiatives related to the Cyber Solidarity Act and improving cyber resilience. Additionally, €106 million is allocated for enhancing national coordination centers and supporting cybersecurity regulations. The program emphasizes cooperation between the civil and defense sectors, with €10 million designated for dual-use technologies. Funding will be provided through the Digital Europe Program, which typically covers 50% of a project's eligible costs.
AI May Alter Your Social Media Posts
A cybersecurity expert from the University of Guelph, Ali Dehghantanha, warns that protecting social media photos from manipulation by AI, such as deepfake technology, is increasingly difficult due to rapid advancements in AI capabilities. The recent case of two boys altering classmates' photos into explicit content highlights the risks parents face in safeguarding their children's images online. While methods like digital watermarks can track images, they are easily bypassed by deepfake technology. Dehghantanha advises against posting images online, as deleting photos does not guarantee they are completely removed from the internet. He also notes that social media platforms may not actively search for manipulated photos, and the definition of privacy is likely to evolve, with images and videos becoming less trusted as reliable sources.