Monthly Threat Report June 2024: New Threat Campaigns Involving Darkgate

Monthly-Threat-Report-Jun (1)

Introduction

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of May.

Executive Summary

  • Email-based threats increased over the past month, with most of the increase being attributed to an increase in easily detectable, low-effort spam messages.
  • Malicious file attachment use increased during this data period with archive files alone seeing a 13.2 percentage point increase in usage.
  • All business verticals saw an increase in targeting over the last month with the mining, entertainment, and media industries at the top of the list of most targeted verticals.
  • Fedex and Facebook saw large increases in brand impersonation attempts.
  • The team at Hornetsecurity has observed a new campaign distributing the Darkgate Malware using a technique known as pastejacking. This report contains a detailed deep-dive.
  • The 911 S5 Proxy Botnet was taken down by US Law enforcement and international partners. This is potentially the largest botnet takedown to date.
  • Threat actors are posing as helpful community members on Stackoverflow in an effort to get users to download malicious PyPI packages.

 

Read more