Lead Article
International law enforcement agencies achieve a trilogy of successes against cybercriminals
In this edition
- CrimeMarket Crumbles: German Police Crack Down on Cybercrime Citadel
- FBI Takes Down Warzone Rat Malware Operation
- New Ransomware Renegade on the Block: Trisec Vision Targets Irish Toyota Dealership
- New Rhysida Ransomware Attack - A Chilling Reminder of the Vulnerability of Healthcare Institutions
- Operation Cronos Vs LockBit: The battle rages on but has the notorious gang suffered irreparable damage?
Feature Article
New Rhysida Ransomware Attack - A Chilling Reminder of the Vulnerability of Healthcare Institutions
Feature Article
New Ransomware Renegade on the Block: Trisec Vision Targets Irish Toyota Dealership
Ransomware insights
According to Cybersixgill’s data, 325 ransomware results were detected on our Investigative Platform in February, in comparison with 313 results in January. The ransomware gang LockBit were responsible for the highest number of ransomware attacks this month. The top targeted industries were manufacturing, scientific and technical services, and construction. The United States, Italy, Canada, France and the UK were the top targeted countries.
The top CVEs this month based on Cybersixgill’s data
1. CVE-2023-46805
The current DVE score is 9.55. This is a critical authentication bypass vulnerability that affects the web component of Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, and Ivanti Policy Secure gateways. This vulnerability impacts all supported versions, including Version 9.x and 22.x.
CVSS: 8.2
DVE: 9.55
2. CVE-2024-21410
The current DVE score is 9.42. This is an elevation of privilege vulnerability in Microsoft Exchange Server.
CVSS: 9.8
DVE: 9.42
3. CVE-2023-3824
The current DVE score is 9.2. This relates to a vulnerability in PHP versions 8.0.\*, 8.1.\*, and 8.2.\*. It involves insufficient length checking when loading a phar file, which can lead to a stack buffer overflow and potentially result in memory corruption or remote code execution (RCE).
CVSS: 9.8
DVE: 9.2
Malware insights
The most mentioned malware for February 2024
In February, Redline Stealer malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.
This malware harvests information from browsers such as saved credentials and credit card information. More recent versions of the malware added the ability to steal cryptocurrency.
Redline Stealer is sold as Malware-as-a-Service (MaaS), so threat actors can purchase it and then sell the stolen data on dark web forums.
Live from the newsroom
- Artificial Intelligence and The New Life of a Cyber Analyst
- Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox
- LockBit Ransomware Group's Re-emergence: Immediate Threats and Organizational Awareness