BEHIND THE HEADLINES – JUNE 2023
The latest government, industry & consumer threat news
)
In this edition
- Phishing Attacks And Tax Season Scams Exploit Fake IRS Forms
- BatLoader malware lures victims with Google websites
- Telecom Giant AT&T’s Customers Notified Of Breach, Data Advertised On Underground
- Researchers Discover Sensitive US Military-Related Email Server Exposed Online
- Powerful new ‘stealc’ malware builds buzz on the underground
Feature Article
BatLoader malware lures victims with Google websites
Feature Article
Phishing Attacks And Tax Season Scams Exploit Fake IRS Forms
THREAT ACTOR TRENDS
Ransomware insights
According to Cybersixgill’s data, there were 348 ransomware results in April 2023, compared to 473 results in March. The ransomware gang Lockbit were responsible for 47% of ransomware attacks this month.
Manufacturing recorded the highest percentage of ransomware attacks for April. Among the reasons cybercriminals consistently target the manufacturing sector is the perception that entities in this industry are well-capitalized and can pay large ransoms.
)
)
The top CVE’s this month based on Cybersixgill’s data
1.
CVE-2023-27532
The current DVE score is 9.64 This is related to the vulneraability in the veeam Backup & Replication component that allows encrypted credentials stored in the configuration database to be obtained.
CVSS: 7.5
DVE: 9.64
2.
CVE-2023-23397
The current DVE score is 10. This refers to a Microsoft Outlook Elevation of Privilege Vulnerability.
CVSS: 9.8
DVE: 10
3.
CVE-2023-28252
The current DVE score is 10. This is related to a Windows common Log File System Driver Elevation of Privilege Vulnerability.
CVSS: 7.8
DVE: 10
THREAT ACTOR TRENDS
Malware insights
The most mentioned malware for April 2023
In April, Redline stealer malware had the highest number of mentions on the underground (over 2,240) according to the Cybersixgill Investigative Portal.
This malware harvests information from browsers such as saved credentials and credit card information.
RedLine Stealer is a Malware-as-a-Service (MaaS), so threat actors can purchase it then sell the stolen data on dark web forums.
)
Live from the newsroom
RSA 2023: AI, Automation, and Data Privacy on Full Display
See DetailsA Day in the Life of a Hacker
See Details