Welcome back to the Morphisec Malware Monitor, your trusted roundup of ransomware headlines, emerging cyber threats, and practical defense insights. As the summer holiday season approaches, we want to take a moment to wish all our North American readers a safe and happy holiday!
This Week’s Top News
Iranian-Backed Hackers Continue Operations After U.S. Military Strikes
- Despite recent U.S. military strikes, Iranian-backed cyber groups remain active and focused on retaliatory campaigns targeting critical infrastructure and high-profile entities. These state-aligned actors are known for ransomware-style disruption, destructive wiper malware, and hack-and-leak operations.
- The Department of Homeland Security and CISA continue to issue warnings, urging organizations—especially those in government, energy, and finance—to remain on high alert.
- Experts warn that geopolitical triggers like this can quickly escalate into widespread cyber campaigns, making proactive defense more critical than ever.
Las Vegas, U.S. Cities on Alert as DHS Flags Potential Iranian Cyberattacks
- The Department of Homeland Security (DHS) has issued a new advisory warning that cities like Las Vegas could be potential targets for pro-Iranian cyberattacks.
- The advisory follows increased online chatter from Iranian-aligned hacktivist groups pledging retaliation against U.S.-based infrastructure and businesses.
- With high-profile events and critical infrastructure in play, organizations operating in major U.S. cities should strengthen monitoring, ensure patching of exploitable vulnerabilities, and review incident response plans.
Scattered Spider Expands Targeting to U.S. Aviation Sector
- The cybercriminal group Scattered Spider (UNC-3944) has intensified its attacks, focusing on the U.S. aviation and insurance sectors. Using advanced techniques like IT support impersonation, SIM swapping, and MFA fatigue, these attackers gain unauthorized access to networks, often deploying ransomware or stealing sensitive data.
- To defend against such threats, organizations should prioritize Preemptive Cyber Defense strategies. Implement resilient MFA, like hardware security keys or app-based number matching, to replace vulnerable SMS and email codes. Strengthen help desk security with strict identity validation measures, such as live-video ID checks or callback protocols, instead of relying on easily accessible personal information.
- Maintain tight control over remote admin tools by updating inventories, allow-listing approved access paths, and using secure jump-hosts or VPNs with MFA. Segment critical systems into isolated network zones, enforce least privilege, and maintain regularly tested offline backups to ensure recovery after an attack.
- Continuously monitor for early compromise indicators, such as spikes in MFA resets, unexpected device enrollments, or disabled security agents. Regularly rehearse incident response plans to enable swift action. Proactive measures like these significantly reduce the risk of compromise and enhance overall security.
Veeam Fixes Third Critical RCE Vulnerability in Less Than Two Months
- Backup software giant Veeam has released its third critical remote code execution (RCE) patch in under two months. The latest vulnerability, which affects Veeam Backup Enterprise Manager, could allow unauthenticated attackers to execute arbitrary code remotely.
- Organizations should patch immediately and evaluate compensating controls to mitigate exploitation risk.
Article Spotlight
Polymorphic Defense: Cybersecurity For An AI-Driven Threat Landscape
Polymorphic defense is transforming cybersecurity by introducing AI-driven dynamic strategies that adapt and shift faster than attackers can adjust. Inspired by military tactics, this approach leverages deception, obfuscation, and continuous transformation to create a battlefield of confusion for adversaries.
Morphisec stands out in this space by applying real-time binary polymorphism to endpoint security, making it nearly impossible for attackers to predict or exploit vulnerabilities. This proactive, AI-driven approach is critical as attackers increasingly use sophisticated tools like automated scripts and AI-powered malware. By outpacing threats and making attacks costlier, Morphisec exemplifies the future of cybersecurity: adaptive, unpredictable, and highly effective.
Stay ahead of the curve by exploring how Morphisec is redefining defense in an AI-driven threat landscape.
Closing Notes
Be sure to subscribe to the Morphisec Malware Monitor to get notified whenever we share more weekly headlines, insights, and data on dangerous ransomware attacks and emerging cyber threats! Stay vigilant—and for our American readers—stay safe and have a Happy Independence Day!
