BEHIND THE HEADLINES – FEBRUARY 2024

Major health sector breach hits the headlines and further details surface on the latest Ivanti vulnerabilities


Feature Article

33 Million People: Data of almost half of France's population stolen in health sector breach


Lead Article

Cybersecurity Breach Hits AnyDesk


Exploitation of New Ivanti Security Flaws Increases as Proof-of-Concepts Emerge Online


American Retailer VF Corporation Reports Significant Data Breach


Feature Article

Oregon Community College Halts Classes Due to 'LockBit' Ransomware Attack

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 313 ransomware results were detected on our Investigative Platform in January, compared with 255 results in December. The ransomware gang Cactus was responsible for the highest number of ransomware attacks this month. The top targeted industries were manufacturing, transportation and healthcare. The United States and the UK were the top targeted countries.


The top CVEs this month based on Cybersixgill’s data

  1. CVE-2023-4966

    The current DVE score is 9.78. This vulnerability involves sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. It is known to be related to several APTs, including CHARIOT SPIDER, Luminous Moth, Agrius, and Storm-0558.

    CVSS: 7.5

    DVE: 9.78

  2. CVE-2024-0204

    The current DVE score is 9.41. This relates to an authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 that allows an unauthorized user to create an admin user via the administration portal.

    CVSS: 9.8

    DVE: 9.41

  3. CVE-2023-446805

    The current DVE score is 8.78. This is a critical authentication bypass vulnerability that affects the web component of Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure gateways. It impacts all supported versions, including versions 9.x and 22.x.

    CVSS: 8.2

    DVE: 8.78

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for January 2024

In January, Lumma malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.

Lumma malware, also known as Lumma Stealer, is a data-stealing malware that emerged in 2022. It is primarily distributed through phishing emails, YouTube campaigns, and spear-phishing websites. Lumma Stealer is designed to steal sensitive information from infected systems, including passwords, cookies, autofill data, desktop files, and even cryptocurrency wallets.


Live from the newsroom

  1. Recent Developments in the Activities of Hacking Group Volt Typhoon

  2. Microsoft and the Russian Backed Midnight Blizzard Cyber Attack

  3. Frost & Sullivan Recognizes Cybersixgill as a Leader in Cyber Threat Intelligence
