The FLINT Report: January 19 | 2024 Predictions, Stealer Malware, and ALPHV

CEO Forecast: Navigating the 2024 Cyber Threat Landscape

Flashpoint's CEO, Josh Lefkowitz, unveils the top trends shaping the cyber threat landscape in 2024.

The top 10 most anticipated threats for 2024

1. Utilization of AI in enhancing business operations and cybersecurity: Expect AI’s role in business operations and cybersecurity to expand, offering both efficiencies—and new vulnerabilities—that will require strategic oversight and management.

2. AI-driven cyber threats increasingly targeting business operations: On a related note, expect to see a rise in AI-enabled cyber attacks, with sophisticated tactics that could directly affect business operations, customer data security, and potentially exploit AI-driven business processes. (I outlined this double-edged sword here.)

3. Social engineering attacks becoming more sophisticated and targeted: Be prepared for an increase in sophisticated social engineering attacks, potentially leveraging AI technologies, which could target high-level executives and critical business units.

4. Insider threats becoming more complex and frequent: Anticipate an increase in insider threat incidents, not just in frequency—but also in complexity. As insiders are increasingly being lured across various illicit online communities, visibility into these recruitment and advertising activities is essential. Insider threats could pose heightened risks to sensitive company data, intellectual property, and internal systems across various industries.

5. Supply chain and third-party vulnerabilities impacting business continuity: Predict a continued rise in supply chain and third-party attacks, which could disrupt business operations, affect vendor relationships, and require more robust continuity and response strategies. The strategy of targeting third-party firms to gain access to larger networks, as demonstrated in attacks on companies like JumpCloud and Airbus, is anticipated to be a prevalent method among cyber threat actors.

Delve into all ten of Lefkowitz's 2024 threat landscape predictions.

View forecast.

The Evolution and Rise of Stealer Malware

Information-stealing malware, or stealers, is a type of malware designed to target data of interest on a target system and exfiltrate it for the attacker to use in other capacities. Common targets for stealers range from system information and browser data to credit cards and crypto wallets.

Stealers have been observed in the wild for nearly two decades. Ever since “ZeuS,” also known as “Zbot,” first appeared in 2006, stealers have been in high demand across illicit communities and have been an effective weapon in the threat actor's digital arsenal.

In this article, we cover what stealers are, how they work, and what malicious actors do with compromised data.

Learn more.

ALPHV’s Downfall? The 2023 Crackdown on BlackCat Ransomware

The FBI announced today that it has seized the darknet website of ransomware gang ALPHV, confirming earlier rumors that law enforcement was responsible for the site’s unavailability earlier this month.

The Department of Justice (DoJ) detailed its takedown of ALPHV, sometimes referred to as BlackCat or Noberus, including information on a decryption tool that law enforcement shared with over 500 affected victims of the group. The takedown follows the arrests of several ransomware operators and affiliates in November 2023, as part of a prior Europol investigation dating back to 2021.

In this blog, we detail the ALPHV ransomware group, its victims, motivations, methodologies, and indicators of compromise, as well as its overall impact on the cyber threat landscape.

Read now.

What VulnDB's 100k Non-CVE Vulnerabilities Means for You

Flashpoint has curated the largest collection of vulnerabilities—including over 100,000 that cannot be found in CVE or NVD.

Why does this matter?

  • Unveil hidden threats: Vulnerability Management programs strictly relying on CVE & NVD are likely unaware of nearly a third of all known vulnerability risk.
  • Real, impactful risk: Many major vendors and well-known third-party libraries are affected by non-CVE vulnerabilities. Additionally, more than half of all non-CVE vulnerabilities have high to critical CVSSv3 scores.
  • Jump-start remediation: Flashpoint’s non-CVE data accounts for nearly a third of all known disclosed remote and network access vulnerabilities. It also details an additional 40 percent of documented in-the-wild vulnerabilities compared to NVD.

See what missing vulnerability data means for your organization. 

Learn more.

See Flashpoint Ignite in Action

Gain visibility into intelligence landscapes across cyber threats, vulnerabilities, and physical security. With Ignite, security experts can connect the dots across data and intelligence in a single workspace to coordinate a better-informed, more effective response.

Get a demo.

Get to Know Flashpoint

We hope you’re enjoying The FLINT Report! This newsletter is created by Flashpoint, a risk intelligence company headquartered in Washington, D.C. Our mission is to deliver timely, actionable intelligence to organizations in the public and private sectors, and help them protect their most critical assets, infrastructure, and stakeholders from a wide range of cyber and physical security risks. Visit flashpoint.io to learn more.
