BEHIND THE HEADLINES – NOVEMBER 2023

Exploited vulnerabilities, misconfigured systems & the largest DDoS attack EVER


Lead Article

Network outage disrupts Kwik Trip convenience store operations


ServiceNow misconfiguration allegedly exposes massive amounts of customer data


Zero-day Citrix vulnerability exploited in new wave of attacks


Feature Article

Rapid Reset: New DDoS vector produces largest attacks ever

THREAT ACTOR TRENDS

Ransomware insights

According to Cybersixgill’s data, 283 ransomware results were detected on our Investigative Platform in October, compared with 220 results in September. The ransomware gang LockBit was responsible for 58 ransomware attacks this month. The top targeted industries were manufacturing, healthcare, education and technology.


The top CVEs this month based on Cybersixgill’s data

  1. CVE-2023-20198

     The current DVE score is 10. Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

     CVSS: 10

     DVE: 10

  2. CVE-2023-4106

     The current DVE score is 9.75. A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, and macOS Big Sur 11.7.10.

     CVSS: 7.8

     DVE: 9.75

  3. CVE-2023-22515

     The current DVE score is 9.37. Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

     CVSS: 9.8

     DVE: 9.37


Malware insights

The most mentioned malware for October 2023

In October, Lumma malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.

Lumma malware, also known as Lumma Stealer, is a data-stealing malware that emerged in 2022. It is primarily distributed through phishing emails, YouTube campaigns, and spear-phishing websites. Lumma Stealer is designed to steal sensitive information from infected systems, including passwords, cookies, autofill data, desktop files, and even cryptocurrency wallets.
