FunkSec Ransomware Leads December Attacks, Compromising 85 Victims


FunkSec, a ransomware-as-a-service (RaaS) operator, uses artificial intelligence to evolve its strategies. While AI aids in scaling operations and generating ransomware, its sophistication remains limited.

FunkSec Ransomware

Recycled or fabricated claims damage the group's credibility and hint at execution gaps, even with its innovative use of AI.

FakeUpdates (SocGholish) was the most common malware in December, affecting 5% of global organizations. AgentTesla (3%) and Androxgh0st (3%) followed FakeUpdates in prevalence. These threats used various methods, including credential theft and cross-platform botnet attacks, to compromise organizations worldwide.

FakeUpdates is a JavaScript downloader that installs malware like AgentTesla (a keylogger and information stealer), Androxgh0st (a multi-platform botnet for servers), Remcos (a remote access trojan using Office docs), and AsyncRat (a Trojan collecting system info and executing commands) on compromised systems.

Trojans like NJRat, Rilide, and Amadey steal data, provide remote access, and distribute malware. The Phorpiex botnet spreads malware and supports spam campaigns, while Formbook, marketed as malware-as-a-service (MaaS), is an information stealer that uses advanced evasion techniques.

Anubis, a banking trojan with RAT, keylogging, and ransomware features, led mobile threats in December. It was followed by Necro, a trojan dropper, and Hydra, a banking trojan that steals credentials by exploiting app permissions.

Cyberattacks mainly targeted Education/Research institutions, followed by Communications and Government/Military sectors, highlighting the risks faced by industries with complex infrastructures and sensitive data.

Check Point Research reports that FunkSec, an emerging group using double extortion, led ransomware activity in December, followed by RansomHub (a RaaS targeting VMware ESXi) and LeakeData, a new entity operating a data leak site (DLS) with unclear intentions.

In December 2024, persistent threats like FakeUpdates, AgentTesla, and mobile malware remained active, while FunkSec used AI in ransomware attacks. The rise of new groups and critical infrastructure vulnerabilities highlight the need for organizations to adopt advanced technologies, real-time threat intelligence, and strong defenses to counter evolving cyber risks.


January 21st, 2025 (page timestamp: 2025-01-23T00:33:38+05:30)

About the Author:

FirstHackersNews- Identifies Security
