MOVEit shockwaves felt across the UK & new phishing attacks discovered
Feature Article
Google’s new ‘Zip’ domains exploited in phishing attacks
Ransomware insights
According to Cybersixgill’s data, 276 ransomware results were detected on our Investigative Platform in May, compared with 348 results in April. The ransomware gang LockBit was responsible for 30% of ransomware attacks this month. The top targeted countries were the United States (132), the United Kingdom (15), Germany (13), and Canada (9).
The top CVEs this month based on Cybersixgill’s data
1. CVE-2023-27350
The current DVE score is 10. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
CVSS: 9.8
DVE: 10
2. CVE-2023-32784
The current DVE score is 9.52. A vulnerability in the open-source password manager KeePass can be exploited to retrieve the master password from the software's memory.
CVSS: 7.5
DVE: 9.52
3. CVE-2023-28252
The current DVE score is 10. This is a Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVSS: 7.8
DVE: 10
Malware insights
The most mentioned malware for May 2023
In May, Raccoon Stealer malware had the highest number of mentions on the underground, according to the Cybersixgill Investigative Portal.
Raccoon malware is a type of malware that steals sensitive information from infected devices. It was first discovered in 2019 and has since been used to steal a variety of data, including passwords, credit card numbers, and cryptocurrency wallet addresses.
Raccoon malware is typically spread through phishing emails, malicious websites, and drive-by downloads.
Live from the newsroom
AI-based threat intel tool unveiled by Cybersixgill
A new report reveals the trends and tactics on the cybercriminal underground
APT5's Citrix exploit and Log4j: different names, same game