Campaigns promoting the BumbleBee malware loader, a sophisticated downloader that can detect virtual environments, load multiple ransomware families, and operate with a high degree of stealth, dominated the threat landscape this week. Based on analysis of threat intelligence data gathered by our security analysts, 7 campaigns were run by at least 4 groups last week across 3 continents to push this loader, including the dreaded Conti group.
The renewed interest in promoting ransomware across multiple channels through multi-phased phishing campaigns targeting verticals such as manufacturing, critical infrastructure, power plants, shipping firms, and defense entities is certainly a matter of concern. More importantly, malware development cycles are shrinking (from months to weeks), and ransom payment windows are also getting shorter, with hackers now demanding that the ransom be paid within 48 hours.
With growing attacks on IoT and OT infrastructure, the spike in cyberattacks expected in April has materialized, and attack volumes continue to grow alongside the increasing activity attributed to APT groups linked to China and North Korea.
Financial services firms, as well as manufacturers, should be on their guard and watch out for anomalous traffic volumes coming from random geographies.
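One way to act on the recommendation above is to baseline inbound traffic volume per source geography and flag days where a country either appears for the first time or exceeds its usual volume. The following is an added example, not code from the original report or from any vendor it mentions. It assumes flow logs have already been summarised to one line per flow in the constructed form `<UTC timestamp> <source country> <bytes>`; the thresholds (`k`, `new_geo_min_bytes`) are illustrative and would be tuned per environment.

```python
"""Flag unusual inbound traffic volume per source geography.

Added example (not from the original report). Assumes flow records were
summarised as "<UTC timestamp> <src_country> <bytes>", one per line.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records for the baseline window (not real data).
BASELINE_LOGS = """\
2022-05-02T01:00:00Z US 500000
2022-05-02T03:00:00Z DE 100000
2022-05-03T01:00:00Z US 480000
2022-05-03T03:00:00Z DE 110000
2022-05-04T01:00:00Z US 510000
2022-05-04T03:00:00Z DE 90000
"""

# Constructed sample records for the day under observation (not real data).
OBSERVED_LOGS = """\
2022-05-05T01:00:00Z US 505000
2022-05-05T03:00:00Z DE 900000
2022-05-05T04:00:00Z XX 250000
2022-05-05T05:00:00Z FR 2000
"""


def parse_flows(text):
    """Yield (day, country, bytes) tuples from the summarised log lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, country, size = line.split()
        yield ts[:10], country, int(size)


def daily_totals(text):
    """Aggregate bytes per source country per day -> {country: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, country, size in parse_flows(text):
        totals[country][day] += size
    return totals


def build_baseline(text):
    """Per-country (mean, population stdev) of daily bytes over the baseline window."""
    baseline = {}
    for country, days in daily_totals(text).items():
        values = list(days.values())
        baseline[country] = (mean(values), pstdev(values))
    return baseline


def find_anomalies(baseline, observed_text, k=3.0, new_geo_min_bytes=100_000):
    """Return {country: reason} for geographies whose daily volume is unusual.

    A country is flagged when it was never seen in the baseline and sends at
    least `new_geo_min_bytes` in a day, or when its daily total exceeds the
    baseline mean by more than k standard deviations. A floor of 10% of the
    mean stands in for the stdev so a flat baseline still needs a material
    increase before it alerts.
    """
    findings = {}
    for country, days in daily_totals(observed_text).items():
        for day, total in days.items():
            if country not in baseline:
                if total >= new_geo_min_bytes:
                    findings[country] = f"{day}: {total} bytes from unseen geography"
                continue
            mu, sigma = baseline[country]
            threshold = mu + k * max(sigma, 0.1 * mu)
            if total > threshold:
                findings[country] = f"{day}: {total} bytes vs baseline ~{mu:.0f}"
    return findings


if __name__ == "__main__":
    for country, reason in find_anomalies(build_baseline(BASELINE_LOGS), OBSERVED_LOGS).items():
        print(f"ALERT {country}: {reason}")
```

On the constructed data this flags DE (roughly nine times its usual daily volume) and XX (an unseen geography above the minimum), while leaving US (within its normal band) and FR (unseen but negligible) alone; the two-pronged rule matters because a loader staging traffic from a new region and a compromised host in a known region are both worth a look.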