Leader in Cyber Underwriting

Loading...

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Analyze » Malwarebytes » MALZIM1767063128

Incident Score: Analysis & Impact (MALZIM1767063128)

The details regarding individual company incidents & reports gives you full view from every side.

Rankiteo Score Impact Analysis

Rankiteo Incident Impact-20

Company Score Before Incident635 / 1000

Company Score After Incident615 / 1000

Company LinkView Malwarebytes Profile

INCIDENT NUMBERMALZIM1767063128

Type of Cyber IncidentCyber Attack

ATTACK VECTORemail, phone calls, SMS, social media, messaging apps, buying/selling platforms

DATA EXPOSEDNA

INCIDENT DATE10/06/2025

STATUSpublished

Key Highlights From The Incident Analysis

Timeline of Malwarebytes's Cyber Attack and lateral movement inside company's environment.
Overview of affected data sets, including SSNs and PHI, and why they materially increase incident severity.
How Rankiteo’s incident engine converts technical details into a normalized incident score.
How this cyber incident impacts Malwarebytes Rankiteo cyber scoring and cyber rating.
Rankiteo’s MITRE ATT&CK correlation analysis for this incident, with associated confidence level.

Full Incident Analysis Transcript

In this Rankiteo incident briefing, we review the Malwarebytes breach identified under incident ID MALZIM1767063128.

The analysis begins with a detailed overview of Malwarebytes's information like the linkedin page: https://www.linkedin.com/company/malwarebytes, the number of followers: 54673, the industry type: Computer and Network Security and the number of employees: 618 employees

After the initial compromise, the video explains how Rankiteo's incident engine converts technical details into a normalized incident score. The incident score before the incident was 635 and after the incident was 615 with a difference of -20 which is could be a good indicator of the severity and impact of the incident.

In the next step of the video, we will analyze in more details the incident and the impact it had on Malwarebytes and their customers.

A newly reported cybersecurity incident, "Mobile Scams and Threats Exposure", has drawn attention.

Almost half (44%) of mobile users report being exposed to scams and threats on a daily basis, with concerns about losing important files and productivity loss.

The disruption is felt across the environment, affecting mobile devices.

Formal response steps have not been shared publicly yet.

The case underscores how teams are taking away lessons such as Mobile threats are increasingly sophisticated, with social engineering and phishing as dominant attack vectors. Users struggle to distinguish scams from legitimate communications, and the psychological toll is significant, and recommending next steps like Empower users with tools and knowledge to spot and report scams, Enhance mobile security measures for BYOD environments and Raise awareness about deepfake and AI-driven threats.

Finally, we try to match the incident with the MITRE ATT&CK framework to see if there is any correlation between the incident and the MITRE ATT&CK framework.

The MITRE ATT&CK framework is a knowledge base of techniques and sub-techniques that are used to describe the tactics and procedures of cyber adversaries. It is a powerful tool for understanding the threat landscape and for developing effective defense strategies.

MITRE ATT&CK® Correlation Analysis

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Phishing (T1566) with high confidence (95%), supported by evidence indicating primary attack vectors included email (65%), SMS (50%), social media (47%), Phishing: Spearphishing Link (T1566.001) with moderate to high confidence (80%), supported by evidence indicating mobile phishing (mishing) has surged, with 82% of phishing sites targeting mobile, Phishing: Spearphishing Attachment (T1566.002) with moderate to high confidence (70%), supported by evidence indicating 36% of respondents reported malware infections via mobile vectors, and Drive-by Compromise (T1189) with moderate confidence (60%), supported by evidence indicating social media (47%) and messaging apps (40%) as attack vectors. Under the Execution tactic, the analysis identified User Execution (T1204) with high confidence (90%), supported by evidence indicating 66% of users struggle to distinguish legitimate communications from fraudulent ones and User Execution: Malicious Link (T1204.001) with moderate to high confidence (85%), supported by evidence indicating social engineering (53%) was the most common threat, with 19% of users falling victim. Under the Credential Access tactic, the analysis identified Adversary-in-the-Middle (T1557) with moderate to high confidence (70%), supported by evidence indicating extortion schemes affected 17%, including virtual kidnapping attempts (18%) and Forge Web Credentials (T1606) with moderate confidence (60%), supported by evidence indicating deepfake scams (20%) and AI-driven threats amplifying risks. Under the Impact tactic, the analysis identified Data Encrypted for Impact (T1486) with moderate to high confidence (80%), supported by evidence indicating ransomware (25%) and extortion schemes (17%) reported by victims and Defacement (T1491) with moderate confidence (50%), supported by evidence indicating psychological impact such as 46% cited mental health issues, 25% faced blackmail. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with moderate to high confidence (70%), supported by evidence indicating data theft and extortion (17%) as primary motivations. Under the Defense Evasion tactic, the analysis identified Masquerading (T1036) with moderate to high confidence (85%), supported by evidence indicating 66% of users struggle to distinguish legitimate communications from fraudulent ones and Code Signing: Code Signing Certificates (T1553.002) with moderate confidence (50%), supported by evidence indicating malware infections (36%) via mobile vectors. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.

Initial Access

Phishing (95%)

Phishing: Spearphishing Link (80%)

Phishing: Spearphishing Attachment (70%)

Drive-by Compromise (60%)

Execution

User Execution (90%)

User Execution: Malicious Link (85%)

Credential Access

Adversary-in-the-Middle (70%)

Forge Web Credentials (60%)

Impact

Data Encrypted for Impact (80%)

Defacement (50%)

Exfiltration

Exfiltration Over C2 Channel (70%)

Defense Evasion

Masquerading (85%)

Code Signing: Code Signing Certificates (50%)

Sources & References

Malwarebytes Rankiteo Cyber Incident Details: https://www.rankiteo.com/company/malwarebytes/incident/MALZIM1767063128
Malwarebytes CyberSecurity Rating page: https://www.rankiteo.com/company/malwarebytes
Malwarebytes Rankiteo Cyber Incident Blog Article: https://blog.rankiteo.com/malzim1767063128-cyber-attack-june-2025/
Malwarebytes CyberSecurity Score History: https://www.rankiteo.com/company/malwarebytes/history
Malwarebytes CyberSecurity Incident Source: https://www.infosecurity-magazine.com/news/half-of-mobile-users-now-face/
Rankiteo A.I CyberSecurity Rating methodology: https://www.rankiteo.com/Images/rankiteo_algo.pdf
Rankiteo TPRM Scoring methodology: https://static.rankiteo.com/model/rankiteo_tprm_methodology.pdf