BEHIND THE HEADLINES – AUGUST 2023

Discover the latest information stealer news & cybercrime attacks


Lead Article

Attackers abuse ‘havoc’ framework in financial institution breach


New ‘WormGPT’ crimeware generates malicious code and phishing lures


‘Threat-to-life crime’: cyber attack shuts down emergency rooms in U.S.

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 403 ransomware results were detected on our Investigative Platform in July, compared with 458 results in June. The ransomware gang Clop was responsible for 59% of ransomware attacks this month – an increase of 13% from last month. The top targeted countries were the United States (304), Germany (17), United Kingdom (11), India (8) and Turkey (4).

The top CVEs this month based on Cybersixgill’s data

  1. CVE-2023-36884

    The current DVE score is 9.96. Microsoft is investigating reports of a series of remote code execution vulnerabilities affecting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities using specially crafted Microsoft Office documents.

    CVSS: 8.6

    DVE: 9.96

  2. CVE-2023-35078

    The DVE score is currently 7.37. This vulnerability allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023.

    CVSS: Awaiting

    DVE: 7.37

  3. CVE-2023-27997

    The DVE score is 9.99. A heap-based buffer overflow vulnerability [CWE-122] in the SSL-VPN component of FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below, and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, all 1.2 versions and all 1.1 versions may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

    CVSS: 9.8

    DVE: 9.99

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for July 2023

In July, Raccoon stealer malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.

Raccoon is an information-stealing malware that harvests sensitive data from infected devices. It was first discovered in 2019 and has since been used to steal a variety of data, including passwords, credit card numbers, and cryptocurrency wallet addresses.

Raccoon malware is typically spread through phishing emails, malicious websites, and drive-by downloads.

[Figure: Malware insights pie chart – most mentioned malware, July 2023]

Live from the newsroom

  1. Cybersixgill Wins 2023 Fortress Cyber Security Award
  2. Rogue Lessons: Threats to the Education Sector on the Dark Web
  3. The cybercrime underground is far less Russian and more segmented than you probably think