BEHIND THE HEADLINES – JUNE 2023

The latest government, industry & consumer threat news


Lead Article

Powerful new ‘stealc’ malware builds buzz on the underground


Researchers Discover Sensitive US Military-Related Email Server Exposed Online


Telecom Giant AT&T’s Customers Notified Of Breach, Data Advertised On Underground


Feature Article

BatLoader malware lures victims with Google websites


Feature Article

Phishing Attacks And Tax Season Scams Exploit Fake IRS Forms

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, there were 348 ransomware results in April 2023, compared to 473 results in March. The ransomware gang LockBit was responsible for 47% of ransomware attacks this month.

Manufacturing recorded the highest percentage of ransomware attacks for April. Among the reasons cybercriminals consistently target the manufacturing sector is the perception that entities in this industry are well-capitalized and can pay large ransoms.


The top CVEs this month based on Cybersixgill’s data

  1. CVE-2023-27532

     The current DVE score is 9.64. This relates to a vulnerability in the Veeam Backup & Replication component that allows encrypted credentials stored in the configuration database to be obtained.

     CVSS: 7.5

     DVE: 9.64

  2. CVE-2023-23397

     The current DVE score is 10. This refers to a Microsoft Outlook Elevation of Privilege Vulnerability.

     CVSS: 9.8

     DVE: 10

  3. CVE-2023-28252

     The current DVE score is 10. This relates to a Windows Common Log File System Driver Elevation of Privilege Vulnerability.

     CVSS: 7.8

     DVE: 10

THREAT ACTOR TRENDS

Malware insights

The most mentioned malware for April 2023

  • In April, RedLine Stealer malware had the highest number of mentions on the underground (over 2,240), according to the Cybersixgill Investigative Portal.

  • This malware harvests information from browsers, such as saved credentials and credit card information.

  • RedLine Stealer is sold as Malware-as-a-Service (MaaS), so threat actors can purchase it and then sell the stolen data on dark web forums.


Live from the newsroom

  1. RSA 2023: AI, Automation, and Data Privacy on Full Display

  2. A Day in the Life of a Hacker

  3. Researchers expose proxies used by major Russian hacktivist group in Western attacks