BEHIND THE HEADLINES – SEPTEMBER 2023

Threat actor offers data allegedly harvested from Chinese government sources


Lead Article

MGM Cyber Attack: Slots and ATMs Disrupted at Casinos, Website Down


Cybercriminals demand huge payouts for Chinese government data


AnonFiles shutdown sends shockwaves through cybercrime community


Feature Article

Data from leading education app leaked on dark web

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 283 ransomware results were detected on our Investigative Platform in August, compared with 283 results in July. The ransomware gang LockBit was responsible for 38% of ransomware attacks this month. The most targeted countries were the United States (139), the United Kingdom (21), Germany (13) and France (12).


The top CVEs this month based on Cybersixgill’s data

  1. CVE-2023-35081

    The current DVE score is 8.09. A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

    CVSS: 7.2

    DVE: 8.09

  2. CVE-2023-36884

    The current DVE score is 9.96. Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products.

    CVSS: 7.5

    DVE: 9.96

  3. CVE-2023-40982

    The current DVE score is 7.32. Information exposure through microarchitectural state after transient execution in certain vector execution units of some Intel(R) processors may allow an authenticated user to potentially enable information disclosure via local access.

    CVSS: 6.5

    DVE: 7.32

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for July 2023

In August, the RedLine Stealer malware had the highest number of mentions on the underground, according to the Cybersixgill Investigative Portal.

This malware harvests information from browsers, such as saved credentials and credit card data. More recent versions of the malware added the ability to steal cryptocurrency.

RedLine Stealer is sold as Malware-as-a-Service (MaaS), so threat actors can purchase it and then sell the stolen data on dark web forums.


Live from the newsroom

  1. Rogue Lessons: Threats to the Education Sector on the Dark Web
  2. Cybersecurity Challenges and the Unique Vulnerabilities Faced by the Healthcare Industry
  3. The cybercrime underground is far less Russian and more segmented than you probably think