BEHIND THE HEADLINES – OCTOBER 2023

What happened next: Threat actor activity following MGM & Caesars attack


Lead Article

After MGM & Caesars attacks, threat actors seek initial access for casinos


Proof-of-concept circulates for Microsoft Sharepoint flaws


Executive corporate accounts targeted by sophisticated MFA bypass malware


Feature Article

Technology giant ORBCOMM: Ransomware attack disrupted shipping and logistics

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 220 ransomware results were detected on our Investigative Platform in September, compared with 283 results in August. The ransomware gang LockBit was responsible for 62 ransomware attacks this month. The top targeted industries were manufacturing, information technology, education and legal.


The top CVEs this month, based on Cybersixgill’s data

  1. CVE-2023-41064

    The current DVE score is 9.75. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    CVSS: 7.8

    DVE: 9.75

  2. CVE-2023-40477

    The current DVE score is 8.4. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file.

    CVSS: 8.8

    DVE: 8.4

  3. CVE-2023-41061

    The current DVE score is 9.55. A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    CVSS: 7.8

    DVE: 9.55

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for September 2023

In September, RedLine Stealer malware had the highest number of mentions on the underground, according to the Cybersixgill Investigative Portal.

This malware harvests information from browsers such as saved credentials and credit card information. More recent versions of the malware added the ability to steal cryptocurrency.

RedLine Stealer is a Malware-as-a-Service (MaaS), so threat actors can purchase it and sell the stolen data on dark web forums.


Live from the newsroom

  1. Rogue Lessons: Threats to the Education Sector on the Dark Web
  2. CVSS scores inadequately assigned by the NVD
  3. Cybersecurity Challenges and the Unique Vulnerabilities Faced by the Healthcare Industry