Christmas comes early for threat actors: Attack traps containers in Australian port & ransomware gang reports its own victim to the authorities
In this edition
- 'DP World' attack: 30,000 containers trapped after Australian port breached
- Proxy botnet infiltrates thousands of systems across the globe
- Ransomware gang reports its own victim to authorities for failing to disclose attack
- 'Citrix Bleed' zero-day exploited in the wild as proof-of-concept circulates
Feature Article
Ransomware gang reports its own victim to authorities for failing to disclose attack
Ransomware insights
According to Cybersixgill’s data, 530 ransomware results were detected on our Investigative Platform in November, compared with 283 results in October. The ransomware gang BlackBasta was responsible for 130 ransomware attacks this month. The top targeted industries were education, healthcare and manufacturing. North America, Germany and the UK were the top targeted regions.
The top CVEs this month based on Cybersixgill’s data
1. CVE-2023-20198
The current DVE score is 10. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.
CVSS: 10 | DVE: 10

2. CVE-2023-4966
The current DVE score is 9.98. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CVSS: 7.5 | DVE: 9.98

3. CVE-2023-41064
The current DVE score is 9.75. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, and macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS: 3.1 | DVE: 9.75
Malware insights
The most mentioned malware for November 2023
In November, Lumma malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.
Lumma malware, also known as Lumma Stealer, is a data-stealing malware that emerged in 2022. It is primarily distributed through phishing emails, YouTube campaigns, and spear-phishing websites. Lumma Stealer is designed to steal sensitive information from infected systems, including passwords, cookies, autofill data, desktop files, and even cryptocurrency wallets.
Live from the newsroom
- 2024 Predictions: AI Becomes More Accessible as Cybersecurity Vendors Address Data Reliability, Diversity, and Privacy
- 2024 Predictions: AI Will be Used as an Attack Tool and Target
- Solving the CTI Paradox: Don’t let too much data paralyze your security team