Tag ransomware

Dialysis Company Breach Impacts 1 Million People, Incurred Costs of $13.5 Million So Far

Data Breach Notification, Data Security, Fraud Management & Cybercrime

Interlock Claims to Possess 1.5TB of DaVita’s Data Amid Rising Costs

Marianne Kolbasuk McGee (HealthInfoSec) • August 6, 2025

Image: DaVita Inc.

DaVita Inc., a leading provider in kidney dialysis services globally, recently reported to regulators that a cyberattack occurring in…


Rising Threats: Ransomware Victims, Data Breaches, and Info Stealers

Surge in Cybercrime: Alarming Trends in Ransomware and Infostealer Attacks

Recent research highlights a significant escalation in cybercrime activity throughout 2025, characterized by substantial increases across various types of threats. Notably, there has been a staggering 800% rise in credential theft attributed to information-stealing malware, defining identity theft as a…


ZLoader Malware Makes a Comeback Using DNS Tunneling to Conceal C2 Communications

Cybersecurity researchers have identified a new iteration of the ZLoader malware that utilizes Domain Name System (DNS) tunneling for command-and-control (C2) communications, showcasing that threat actors are actively enhancing their toolset after its reappearance a year ago. “Zloader version 2.9.4.0 features significant improvements, including a custom DNS tunnel protocol for C2 communications and an interactive shell supporting over a dozen commands, potentially aiding in ransomware attacks,” Zscaler ThreatLabz noted in a report released on Tuesday. “These enhancements provide added resilience against detection and mitigation efforts.” ZLoader, also known as Terdot, DELoader, or Silent Night, functions as a malware loader capable of deploying subsequent payloads. Following the shutdown of its infrastructure, malware campaigns distributing ZLoader were observed again for the first time in nearly two years in September 2023.

ZLoader Malware Resurfaces Utilizing DNS Tunneling for C2 Communications

On December 11, 2024, cybersecurity experts reported the emergence of an updated version of the ZLoader malware, which now employs a Domain Name System (DNS) tunneling technique for its command-and-control (C2) communications. This advancement illustrates a continued evolution of this malicious…


Ransomware Attack on Arkansas Oncology Group Impacts 113,500 Patients – The HIPAA Journal

Ransomware Attack on Arkansas Oncology Group Impacts Over 113,000 Patients

In a significant data breach, the Arkansas Oncology Group reported a ransomware attack affecting approximately 113,500 individuals. This incident, as detailed by the HIPAA Journal, underscores the increasing threats posed by cybercriminals in the healthcare sector, which frequently stores sensitive…


ToolShell Exploit Confuses the Lines Between Crime and Espionage

Black Hat, Cyberwarfare / Nation-State Attacks, Events

Also: Rethinking IT-OT Integration; Previewing Black Hat 2025

Anna Delaney (annamadeline) • August 1, 2025

Clockwise, from top left: Anna Delaney, Mathew Schwartz, Suparna Goswami, and Tom Field

This week, four editors from ISMG convened to delve into the latest developments surrounding the…


St. Paul, MN, Faces Severe Cyberattack, Prompting National Guard Deployment

Cyberattacks on U.S. Cities Increasingly Disruptive: Recent Incidents in Abilene and St. Paul

In recent months, U.S. cities have been facing a surge in hacking incidents, many of which involve ransomware attacks that disrupt essential services and carry significant financial burdens. Abilene, Texas, recently experienced a serious breach wherein 477…


Surge in Chaos Ransomware Linked to BlackSuit Group Departure

Fraud Management & Cybercrime, Ransomware

Operation Checkmate Disrupts Major Russian-Speaking Ransomware Group

Mathew J. Schwartz (euroinfosec) • July 28, 2025

The BlackSuit dark web leak site as of July 24, 2025.

In a significant international effort, Operation Checkmate has dismantled BlackSuit, a ransomware group responsible for leveraging ransom demands that…


Four Arrested in £440M Cyber Attack on Major Retailers Marks & Spencer, Co-op, and Harrods

 
Jul 10, 2025
Cybercrime / Ransomware

The U.K. National Crime Agency (NCA) announced on Thursday the arrest of four individuals linked to cyber attacks against prominent retailers including Marks & Spencer, Co-op, and Harrods. The suspects, consisting of two 19-year-old men, a 17-year-old male, and a 20-year-old woman, were apprehended in the West Midlands and London on charges relating to the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. All four were arrested at their residences, and their electronic devices have been confiscated for forensic examination. Their identities have not been released. Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, emphasized that “since these attacks occurred, our dedicated cybercrime investigators have been working swiftly, making this investigation a top priority.” He stated, “Today’s arrests mark a significant advancement in our efforts.”

Four Individuals Arrested in £440M Cyber Attack on Major UK Retailers

On July 10, 2025, the U.K. National Crime Agency (NCA) announced the arrest of four individuals in connection with a substantial cyber attack that targeted prominent retailers, including Marks & Spencer, Co-op, and Harrods. The suspects, two 19-year-old men,…
