No-BS security research

Threat Report: August 2025

Casmer Labs monitors the dynamic landscape of cybersecurity, cloud security, and particularly cloud data security. Our mission is to ensure that our customers and the public are informed about critical security developments, incidents, and updates.

In our Q2 threat report, the Casmer Labs team anticipated continued growth in data breaches, particularly those related to cloud misconfigurations, vulnerabilities, and a lack of activity monitoring.

Qilin Ransomware Ups Activity

Back in June, Casmer Labs reported the rise of the Qilin ransomware-as-a-service (RaaS) group, including its peculiar, then brand-new offering of legal counsel to its customers. With its growth largely driven by the decline of its competitors RansomHub, LockBit, Everest, and BlackLock, Qilin has been linked to two major cyberattacks in August alone.

The first attack was against pharmaceutical and biotechnical company Inotiv Inc., which filed a report with the SEC on Monday, August 18. Qilin claimed that they shut down critical systems and exfiltrated 176 GB of research data collected over a number of years. It is not yet clear exactly how Qilin compromised Inotiv’s systems, but recovery costs for similar incidents caused by Qilin have been estimated at $2 million.

The second attack was against Nissan’s design studio, Creative Box Inc. On August 25, 2025, Qilin announced that they had exfiltrated over 4 TB of sensitive information, including:

  • 3D models of upcoming vehicles
  • Design documents
  • Videos and photos
  • Financial records

The method of breach has not yet been confirmed. Nissan has also yet to publish a statement on the matter.

Casmer Labs, Cloud Storage Security’s internal threat laboratory, recommends that all organizations take the following steps to avoid both file-borne and fileless ransomware threats:

  • Maintain a Robust Backup and Disaster Recovery Strategy: Always maintain backups of all business-critical data and scan backups for latent ransomware upon recall
  • Apply Rigorous Patching and Maintenance/Upkeep: All systems, including local/virtual machines, networks, and applications, should be updated to address security vulnerabilities as often as possible
  • Train and Educate Employees: Quarterly training on social engineering (including phishing) avoidance and mitigation, security best practices, and more is essential
  • Implement Automated Protection: Automated activity monitoring that detects exfiltration attempts and other anomalies and takes appropriate action can stop similar attacks before data is lost

More Misconfiguration Incidents

In an incident first discovered on September 3, 2025, Navy Federal Credit Union (NFCU), the world’s largest credit union, exposed 378 terabytes of backup data via a misconfigured and publicly accessible Amazon S3 bucket. Investigators have confirmed that no plain-text member data was exposed, but this does not negate all risks associated with the breach. As with many recent misconfiguration incidents, the information compromised by attackers can be used to supplement social engineering efforts, including phishing campaigns.

The backups reportedly included:

  • Usernames and email addresses
  • Hashed (obfuscated) passwords
  • Encryption keys
  • Internal documents, including financial reports and operational playbooks

The incident continues a string of high-profile financial institutions falling victim to similar misconfiguration issues, with another publicly accessible Amazon S3 bucket being linked to FTX Japan in late July.
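
A check for the misconfiguration class described above, as an added example that is not Casmer Labs' own code: it takes a bucket's policy, ACL grants, and Block Public Access settings and reports why the bucket is effectively public. The bucket name, account ID, and role in the sample are constructed, and the treatment of policy conditions is a simplification of how AWS evaluates them.

```python
import json

# ACL grantee groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_findings(policy, acl_grants, pab):
    """Return the reasons a bucket is effectively public (empty list if none).

    policy: parsed bucket policy or None; acl_grants: list of ACL grants;
    pab: Block Public Access settings (a missing key counts as False).
    Simplification: a wildcard Allow with a Condition is flagged for review.
    """
    findings = []
    # Only IgnorePublicAcls neutralizes public ACLs that already exist.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(f"acl: {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    # Only RestrictPublicBuckets neutralizes a public policy that already exists.
    if policy and not pab.get("RestrictPublicBuckets", False):
        for st in _as_list(policy.get("Statement", [])):
            if st.get("Effect") == "Allow" and _wildcard_principal(st.get("Principal")):
                kind = "review-condition" if st.get("Condition") else "public"
                actions = _as_list(st.get("Action") or "NotAction")
                findings.append(f"policy: {kind} {','.join(actions)}")
    return findings

# Constructed sample: backup bucket with a wildcard read statement and a public ACL.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]},
 {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup-writer"},
  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-backups/*"}]}""")
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
```

BlockPublicAcls and BlockPublicPolicy only reject future changes, so a bucket that was already public stays public until IgnorePublicAcls and RestrictPublicBuckets are also enabled.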

About Casmer Labs

Casmer Labs is a division of Cloud Storage Security (CSS) focused on threat intelligence and research concerning cloud computing, especially the storage layer in the cloud.

Casmer Labs provides threat intelligence, security education, trend reports, and other information important to modern organizations. We provide this information free of charge and aim to educate the public and reduce the frequency of cyberattacks across all industries. The Casmer Labs team is composed of engineering, product, support, and dedicated threat research personnel.

Casmer Labs is dedicated to Ed Casmer, founder and Chief Technology Officer at CSS, who passed away in 2023.
