Date: 2025-07-18

Generic spray-and-pray phishing attacks, such as the Nigerian prince scams that were fairly easy to identify, have rapidly evolved into targeted, convincing business email compromise attacks.

Ransomware has advanced from locker strains that prevented users from accessing their systems -- something remedied by backups -- to triple extortion ransomware attacks that lock devices, encrypt data, extort data and even conduct DDoS attacks.

These are just two examples of how the cat-and-mouse game between malicious hackers and enterprise security defenders has changed over the years. As soon as enterprises deploy new defenses, attackers find ways to circumvent them. Then defenders figure out how to remedy those, after which attackers learn to overcome the new defenses -- and the vicious cycle repeats endlessly.

This week's featured articles explore how cyberattack trends have evolved to stay relevant.

Scattered Spider evolves attack methods against major industries

Microsoft reported that cybercrime group Scattered Spider has implemented new attack techniques targeting the airline, insurance and retail industries since April. While continuing its trademark social engineering tactics of impersonating users to request password resets, Scattered Spider has expanded to abusing SMS services and employing adversary-in-the-middle approaches. The group has also reversed its cloud-first strategy, now breaching on-premises environments before moving to cloud access. Read the full story by David Jones on Cybersecurity Dive.

Updated malware loader enables sophisticated ransomware attacks

Cybercriminals are deploying Matanbuchus 3.0, a premium malware loader priced at $10,000 to $15,000 per month, to facilitate high-value ransomware attacks. The completely rewritten loader features advanced detection evasion, persistence mechanisms and security tool identification capabilities. In campaigns dating back to September 2024, attackers have impersonated IT help desk personnel over Microsoft Teams calls, convinced employees to grant remote access and execute malicious scripts, and deployed ransomware. The sophisticated loader specifically performs reconnaissance to look for endpoint detection and response and extended detection and response products from major security vendors and employs stealthy in-memory operations. Read the full story by Nate Nelson on Dark Reading.