WithSecure Monthly Threat Highlights Report

LiselotteP · 2023-05-03T11:17:29+00:00

There was an error rendering this rich post.

Get the latest insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.

Subcribe to our Monthly Threat Highlights Report and other news and updates from WithSecure, by joining our mailing list.

Every month, you'll see the latest highlights in the discussion thread here.

If you'd like to stay in the loop, simply bookmark this discussion and you'll receive a notification whenever we post the latest report.

📝 Click here to see the latest report

Find more posts tagged with

Threats Highlight Report

Threat Intelligence Team

Insights

Comments

LiselotteP

July 2024

This month, we delve into significant events impacting the cybersecurity landscape, including the Crowdstrike outage and the ongoing repercussions of the ransomware attack on Kadokawa Corporation in Japan. We also highlight a critical vulnerability in OpenSSH that could pose risks to many users. Amidst the challenges, there are positive developments as international law enforcement takes action against cybercriminals.

Concerns Over Vulnerability Disclosure: The Zero Day Initiative raised issues regarding the lack of coordination in vulnerability disclosure processes, particularly highlighting instances where serious zero-days were patched without prior warning to researchers. This lack of communication can lead to security researchers opting to release exploits as zero-days, which could force vendors to respond more rapidly to vulnerabilities.
AI Vulnerability Reporting Issues: There are significant concerns regarding the lack of structured vulnerability reporting and tracking for AI and large language models (LLMs). A researcher reported difficulties in getting a denial-of-service vulnerability acknowledged by Microsoft, which initially classified it as a product suggestion rather than a security issue. This reflects a broader issue of inadequate collaboration and transparency in the AI sector.
Increased Exploits: There was a notable increase in detections of a 2017 Microsoft Office Equation Editor CVE, which was reportedly exploited by North Korean actors in attacks targeting the aerospace and defense sectors. This highlights ongoing threats from state-sponsored actors.
Ransomware Impact: The report discusses the ongoing impact of a ransomware attack on Kadokawa Corporation, emphasizing the diverse sectors affected and the variety of data stolen. This incident illustrates the extensive ramifications of ransomware attacks on businesses.
Law Enforcement Actions: International law enforcement agencies have successfully shut down a Russian AI bot farm involved in covert influence operations, seizing domains and social media accounts used for disinformation campaigns. This operation underscores the ongoing battle against cyber influence and propaganda.
Cyber Threats to Major Events: The report includes an analysis of cyber threats facing the Paris 2024 Olympics, indicating that high-profile events attract significant unwanted interest from cyber adversaries.

Download report

LiselotteP

June 2024

Kaspersky software banned from US due to national security concerns.
New MoveIT SFTP vulnerability under active exploitation within hours of being disclosed.
Snowflake data warehousing customers targeted in data theft campaign.
A Chinese APT compromised more than 20,000 Fortinet infrastructure devices in a wide ranging zero-day campaign.
Ransomware incident at US SaaS supplier CDK heavily impacts more than 15,000 car dealerships.
Notable AI cybersecurity stories.

Download report

LiselotteP

May 2024

Emphasis on the importance of multi-factor authentication (MFA) in preventing cyberattacks, as demonstrated by the compromise of Change Healthcare due to a lack of MFA on a Citrix account.
Organizational changes at Microsoft in response to security failures, such as tying senior executives' pay awards to prioritizing security over new features and partnering deputy CISOs with engineering teams.
Ongoing law enforcement actions against cybercriminals, including the action against LockBit and the initiation of a secure-by-design pledge by the US government cybersecurity agency, CISA.
Response to zero-day vulnerabilities in SSL VPN solutions, with Norway's NCSC recommending organizations to switch to more secure alternatives like IPSec IKEv2 VPNs or 5G data connections.
Insights into AI security news, including research on how hackers are leveraging generative AI to enhance their offensive capabilities and strategies to defend against such attacks.

Download report

LiselotteP

April 2024

Key findings from Change Healthcare's Q1 financials regarding the cost of a ransomware attack
How did CISA and MITRE handle breaches related to Ivanti ConnectSecure, and what lessons can be learned from their transparency?
What scathing observations and recommendations did CISA make regarding the Microsoft corporation's culture, risk management, and communications in relation to the Microsoft Exchange Online compromise of late 2023?

Download report

LiselotteP

March 2024

Reports of political espionage by China, specifically the compromise of the UK Electoral Commission by Chinese state-sponsored attackers.
The FBI's report on the increase in ransomware attacks against critical infrastructure, with a significant rise in reported attacks and losses.
Notable IoT vulnerabilities, such as the Saflok RFID-based keycard locks and the CVE-2019-7256 in the Nice Linear eMerge E3-Series operating system.
Disagreements between organizations in the cybersecurity industry regarding responsible disclosure practices and the effectiveness of detection and remediation tools.
Updates on the ransomware industry, including the closure of major players like BlackCat/ALPHV and the impact on the Ransomware as a Service industry.

Download report

LiselotteP

February 2024

Mass exploitation incidents involving Ivanti ConnectSecure and ConnectWise ScreenConnect vulnerabilities.
Ransomware attacks and varying statistics and opinions on the state of the ransomware sector.
Use of Machine Learning and LLMs for malicious activities like fraud and autonomous hacking.
Significant increases in phishing/maldoc exploits targeting client software.
Exploit data highlighting vulnerabilities such as CVE-2023-21716, CVE-2023-38831, CVE-2023-23376, and CVE-2023-23397.
Lazarus Group exploiting a Windows driver zero-day vulnerability (CVE-2024-21338) to disable security tools.
Newly exploited vulnerabilities added to CISA's Known Exploited Vulnerabilities catalogue, including CVE-2023-4762 affecting Google Chromium V8.

Download report

LiselotteP

January 2024

Multiple zero-day vulnerabilities in Ivanti Connect Secure VPN appliances
Compromise of Microsoft and HP Enterprise by Russian state actors
Spike in Akira ransomware activity targeting the Nordics
Vulnerabilities in GitLab and GitHub, raising concerns about CI/CD pipeline supply chain attacks
Attacks by hacktivist groups with significant impacts
Security failures leading to outages for Orange Spain

Download report

LiselotteP

December 2023

Significant data breaches affecting US telecoms provider Xfinity, US mortgage lender MrCooper, and DonorView, a provider of a cloud-based charitable donation platform
Active exploitation of the zero-click Outlook/Exchange exploit by Russian APT, identified as Unit 26165 of the Russian GRU.
Analysis of exploit data focusing on changes over time in WithSecure and VirusTotal detection data, including fluctuations in the use of specific CVEs.
Ongoing events surrounding Israel and Palestine with associated hacktivist proxies active in the cyber arena for both sides.
Continuation of ransomware attacks, albeit in lower numbers than previous months, and signs of potential return of Qakbot after being taken down by Law Enforcement Agencies.
Exploration of interesting vulnerabilities, both old and new, with a different approach to analyzing the data on these vulnerabilities.

Download report

LiselotteP

November 2023

Exploitation of Vulnerabilities
SolarWinds Lawsuit
Ransomware Trends and Notable Reports

Download report

LiselotteP

October 2023

An ongoing phishing campaign impacting Finland
The state of the infostealer market
Fallout following the compromise of Okta
A new HTTP/2 rapid reset DDoS technique
The state of the hacktivist landscape, which has been further shaped by ongoing conflict in Israel
Tracking the ransomware landscape, including statistics from known attacks
Reference to a wider piece of research on the malware Darkgate

Download report

LiselotteP

September 2023

Monthly highlights
Ransomware
Other notable highlights in brief

Download report

LiselotteP

August 2023

Monthly highlights
Ransomware trends and notable reports
Other notable highlights in brief, and threat data highlights
Latest news and trends in the cyber security industry
Newcomers in the ransomware space, such as "Cloak", "Metaencryptor" and "Ransomed"

Download report

LiselotteP

July 2023

Exploitation of Ivanti EPMM resulting in the compromise of government departments in Norway
Ransomware incidents involving newcomers BigHead and the impersonation of Sophos
Driver loopholes
Exploitation of Citrix products
TeamsPhisher tool that is being ignored by Microsoft
Examination of the hacktivist landscape
Statistics relating to the most active threat groups throughout July

The report examines the hacktivist landscape and includes statistics relating to the most active threat groups throughout July.

Download report

LiselotteP

Ransomware has been a hugely profitable industry for criminal gangs for the last few years. The total amount of ransom paid since 2020 is estimated to be at least $2 billion, and this has both motivated and enabled the groups who are profiting from this activity to become more professional.

These groups are emulating the legitimate tech ecosystem and seeking greater efficiencies and profits: they outsource common, complex problems; they subcontract work; and they employ freelancers via what could be termed a gig economy of operators.

Stephen Robinson - Senior Threat Intelligence Analyst at WithSecure

https://www.helpnetsecurity.com/2023/07/12/ransomware-industry-profitability/

LiselotteP

June 2023

Mass exploitation of a vulnerability in MOVEit by Clop
The use of "Bring Your Own Vulnerable Driver" (BYOVD) techniques in terminating AV/EDR
Chinese APT group Volt Typhoon surfaces
Mod poisoning for the popular video game Minecraft
Updates on the hacktivism landscape
Ransomware trends

The ransomware section includes identification of three newcomers and updates on the scale of attacks and statistics relating to the most active groups throughout June.

Download report

LiselotteP

May 2023

Latest Threat Highlights: 8x TLD disruption, Outlook bug patch bypassed, more Wordpress woe, an Infostealer special focus and new threat groups.

Ransomware: Trends and notable reports

Newcomers
Akira ransomware goes retro
Royal
Money Message leaks MSI keys
Buhti switches it up

Other notable highlights in brief

Goodbye CryptBot, NodeStealer and Snake
Does this Android look infected?
Brute Print

Threat data highlight

Research highlights

Download report

LiselotteP

April 2023

Threat Intel monthly highlights: Ransomware gangs get Papercuts, Lockbit and BlueNoroff get into MacOS, pro-Russian 'hacktivism' continues and 3CX continues.

Ransomware: Trends and notable reports
- Capita
- Nokoyawa – CVE-2023-28252
- Rorschach Ransomware discovered
Other notable highlights in brief
- DuckTail new update?
- APT41 HOODOO
- Service Location Protocol Vulnerability
- Google Chrome Zero Day attacks
- Continued targeting of Networking Devices
Threat data highlights
Research highlights