
Ransomware/Malware
New Malware Targets Pharma and Healthcare Organizations
A newly identified remote access trojan (RAT) named ResolverRAT is actively targeting healthcare and pharmaceutical organizations worldwide. It is delivered via phishing emails that exploit urgency, such as legal threats or copyright violations, using localized messages in languages including Hindi, Turkish, and Portuguese. Once a victim clicks on a malicious link, the malware employs DLL side-loading to execute in memory without writing to disk, evading traditional security measures. ResolverRAT's capabilities include keystroke logging, screenshot capture, credential harvesting, and remote command execution. It establishes persistent control through encrypted communication, IP rotation, and certificate-based authentication, making detection and removal challenging. While the malware shares infrastructure with previous campaigns distributing info-stealing malware like Lumma and Rhadamanthys, ResolverRAT introduces a distinct loader and payload architecture, warranting classification as a new malware family. This campaign underscores the growing sophistication of cyber threats targeting critical sectors and highlights the need for enhanced cybersecurity measures in the healthcare and pharmaceutical industries.
Phishing/Scams
42,000 LabHost Phishing Domains Published
The FBI released a comprehensive list of 42,000 phishing domains linked to the now-defunct LabHost phishing-as-a-service (PhaaS) platform, which operated from November 2021 until its takedown in April 2024. LabHost was a subscription-based service that provided cybercriminals with tools to create and manage spoofed websites mimicking legitimate organizations, including major banks and streaming platforms. At its peak, the platform had approximately 10,000 users worldwide. The FBI's disclosure aims to assist cybersecurity professionals in identifying and mitigating threats associated with these domains. The takedown was part of a coordinated international law enforcement operation involving agencies from 19 countries, resulting in the arrest of 37 individuals and the seizure of over 200 servers hosting phishing websites created through LabHost. The operation also uncovered that LabHost had been used to steal over one million user credentials and nearly 500,000 credit card numbers, highlighting the significant impact of this cybercrime service.
Low-Tech Phishing on the Rise
In the first half of 2024, email-based cyberattacks surged by 239% compared to the same period in 2023, with phishing attacks representing 75% of all incidents. This increase is attributed to the widespread use of generative AI by cybercriminals to craft highly convincing and personalized phishing emails, making traditional detection methods less effective. The rise in attacks has led to a 47% increase in email threats targeting organizations, with 40% of users encountering at least one attack. To combat this, experts recommend implementing AI-driven email security solutions, conducting regular phishing awareness training, and enforcing multi-factor authentication to enhance resilience against evolving email threats.
Artificial Intelligence
Business Functions Hit by AI Phishing
A recent report by SC Media UK reveals a significant rise in AI-enhanced phishing attacks targeting various business functions. Approximately 65% of UK IT professionals identified AI-driven phishing as the most pressing cybersecurity threat for 2025. These attacks have become more sophisticated, leveraging AI tools to craft convincing emails and impersonate trusted contacts, thereby bypassing traditional security measures. The surge in such threats underscores the need for businesses to adopt advanced security protocols and employee training to mitigate the risks associated with AI-enabled cyberattacks.
Emerging Threats from Generative AI Misuse
Generative AI is increasingly exploited by cybercriminals to launch sophisticated attacks, posing significant challenges to cybersecurity. Tools like WormGPT enable the creation of convincing phishing emails and business email compromise messages, even for those with limited technical expertise. AI-driven malware, such as polymorphic variants, can adapt and evolve to evade traditional detection methods. Additionally, vulnerabilities like prompt injection allow attackers to manipulate large language models, leading to unintended behaviors and potential data breaches. The rise of deepfake technology has further complicated matters, enabling realistic impersonations that facilitate fraud and unauthorized access. As AI continues to advance, its misuse in cyberattacks underscores the urgent need for enhanced security measures and awareness to mitigate these emerging threats.