Casmer Labs monitors the dynamic landscape of cybersecurity, cloud security, and particularly cloud data security. Our mission is to ensure that our customers and the public are informed about critical security developments, incidents, and updates.
In our Q1 threat report, the Casmer Labs team anticipated continuing growth in popularity of infostealers as well as the resulting increase in infostealer-related cybersecurity incidents.
INTERPOL Takes Down 20,000 Malicious IP Addresses Used by Infostealers
On Wednesday, June 11, the International Criminal Police Organization (INTERPOL) announced that it had dismantled over 20,000 malicious IP addresses and domains suspected of being used to receive information from 69 separate infostealer variants. The raids took place between January and April of 2025 and resulted in 41 servers seized and 32 physical arrests made. The operation, codenamed “Operation Secure”, was a joint effort between 26 separate countries and their law enforcement agencies.

Figure 1. High level statistics regarding Operation Secure, distributed by INTERPOL
While Operation Secure was no doubt a success, history suggests that it won’t be long before other servers are spun up and different cybercriminals take their place. In April, Casmer Labs reported an estimated 40% increase in popularity of infostealer development and usage in the 6 months prior. As the global volume of data increases and the price of sensitive information on black markets continues to rise, we maintain that infostealers and other data-centric strains of malware will continue to grow in popularity.
To prevent infostealer infections and the cybersecurity incidents that follow from them, Casmer Labs recommends the following:
- Implementing regularly-updated malware scanning on endpoints, networks, applications, local machines, and in the storage layer in the cloud
- Regularly educating employees on social engineering schemes, including phishing
- If possible, configuring schedule-based scanning on all protected layers to catch latent malware as new signatures are added/updated
Better Call Who Again?
As reported on June 20 by Ravie Lakshmanan, a ransomware-as-a-service (RaaS) vendor dubbed Qilin is now presenting customers with the option of legal counsel. As translated by Cybereason from the console itself: “The mere appearance of a lawyer in the chat can exert indirect pressure on the company and increase the ransom amount, as companies want to avoid legal proceedings. The benefits of working with the legal department include:
- Legal assessment of your data;
- Classification of violations in accordance with applicable legal acts in different jurisdictions;
- Legal evaluation of potential damages (including lawsuits, legal costs, reputational risks);
- Ability to conduct direct negotiations between the company and the lawyer;
- Advice on how to inflict maximum financial damage on the company if it refuses to comply (and how to avoid similar situations in the future).”
The popularity of Qilin in recent months is likely correlated with the decline of its competitors; RansomHub, LockBit, Everest, and BlackLock have all recently shut down or lost the favor of customers.
RaaS gangs have long been known to emulate the business practices of legitimate SaaS vendors. Customer support, professional services, financing options, and community forums have been offered by larger RaaS vendors for years. However, legal intimidation is a new threat to victims, and it shows how RaaS gangs continue to grow in complexity (and effectiveness) in the name of beating their competitors and maximizing profit.
About Casmer Labs
Casmer Labs is a division of Cloud Storage Security (CSS) focused on threat intelligence and research concerning cloud computing, especially the storage layer in the cloud.
Casmer Labs provides threat intelligence, security education, trend reports, and other information important to modern organizations. We provide this information free of charge and aim to educate the public and reduce the frequency of cyberattacks across all industries. The Casmer Labs team is composed of engineering, product, support, and dedicated threat research personnel.
Casmer Labs is dedicated to Ed Casmer, founder and Chief Technology Officer at CSS, who passed away in 2023.