BEHIND THE HEADLINES – JUNE 2024

A fresh wave of attacks affects over 500 million people


Lead Article

590 Million Customers Affected by 2 Major Attacks: Data Released on BreachForums


FBI Encourages LockBit Victims to Claim Decryption Keys


Stolen Data from US Telecom Company Frontier is Auctioned by RansomHub

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 583 ransomware results were detected on our Investigative Platform in May, compared with 252 results in April. The ransomware gang LockBit was responsible for the highest number of ransomware attacks this month. The top targeted industries were Manufacturing, Professional Scientific Services, IT and Health Care. The United States, Canada, UK and Germany were the top targeted countries.

[Chart: ransomware attacks by industry, June BTH]

The top CVEs this month based on Cybersixgill’s data

  1. CVE-2024-3094

    The current DVE score is 10. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source tree, which is then used to modify specific functions in the liblzma code.

    CVSS: 10

    DVE: 10

  2. CVE-2024-3400

    The current DVE score is 10. A command injection vulnerability resulting from arbitrary file creation in the GlobalProtect feature of Palo Alto Networks PAN-OS software, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

    CVSS: 10

    DVE: 10

  3. CVE-2024-21761

    The DVE score is 9.97. An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, and FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

    CVSS: 9.8

    DVE: 9.97

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for May 2024

In May, RedLine Stealer malware had the highest number of mentions on the underground, according to the Cybersixgill Investigative Portal.

This malware harvests information from browsers such as saved credentials and credit card information. More recent versions of the malware added the ability to steal cryptocurrency.

RedLine Stealer is a Malware-as-a-Service (MaaS), so threat actors can purchase it, then sell the stolen data on dark web forums.

[Chart: most mentioned malware, June BTH]

Live from the newsroom

  1. CVE-2024-24919: A Check Point Security Gateway Vulnerability
  2. Three Steps to Take When Buying a Threat Intelligence Tool
  3. State of the Underground 2024: U.S. targeted for ransomware more than the rest of the world combined