Top Cybersecurity Threats for September 2023

Author: Phil Muncaster

On the third Wednesday of every month, the Verizon Threat Research Advisory Center (VTRAC) holds a Monthly Intelligence Briefing (MIB) to discuss the current cybersecurity threat landscape. Below is the summary of their most recent briefing.

1. LockBit is considering changes to its ransom policy, which could have a major impact on victims
2. Apple patched two new zero-day bugs being exploited to deliver commercial spyware
3. North Korea's Lazarus Group stole tens of millions of dollars from two crypto firms

Prolific ransomware group LockBit was by far the most successful outfit in August, listing 126 victims on its leak site, according to Verizon intelligence. However, the group is being forced to address internal policy issues, after observing a major inconsistency in the amount of ransom demanded by different affiliates. It to these affiliates earlier this month, which could have a significant impact on victims. The options offered to affiliates were:

Already, one affiliate dubbed the National Hazard Agency has said it will not accept less than 3% of victims' annual revenue and has vowed to destroy data if negotiators try to bargain them down. The debate highlights the struggle ransomware groups are having in monetizing their attacks but could also signal a new hard line on payments, which may harm victims financially.

Apple was forced to patch two critical zero-day vulnerabilities exploited in the wild to deliver Pegasus spyware from notorious cyber mercenary firm NSO Group. Non-profit it discovered the BlastPass exploit chain after detecting spyware on the device of an individual employed by a Washington, DC-based civil society organization with international offices. The two WebP Codec vulnerabilities are buffer overflow bug , which affects the ImageIO framework, and , a validation issue in Apple Wallet. Google updated the Chrome browser for an additional WebP vulnerability, . Both have been added to CISA's . It is claimed that Apple devices in lockdown mode are . However, all users are urged to update their devices, as the flaws could enable threat actors to silently deploy spyware to a user's device without requiring interaction. NSO Group is one of many commercial spyware makers that develop such exploits for government clients.

North Korea's prolific Lazarus threat group has been blamed for several new raids on cryptocurrency firms, which netted more than $100 million. The a September 4 heist at crypto casino Stake.com. The attack enabled hackers to steal $41 million in Ethereum, Binance Smart Chain (BSC) and Polygon from the firm's hot wallets. A later attack on crypto-exchange CoinEx resulted in a $53 million loss and stemmed from a hot wallet private key that got into the wrong hands. That was to North Korea. is one of several groups working to collect funds for the Kim Jong Un regime's missile and nuclear programs. It has already been blamed for several attacks earlier this year, including ($35 million), . That brings the total haul for 2023 to $226 million, although it could be even greater. Given the recent decision by North Korea to send arms to Russia, these cybersecurity breaches also have a significant geopolitical dimension.

Learn more about the ever-evolving nature of security threats and complex risk environments. To find out more, listen to the full threat intelligence briefing from the Verizon Threat Research Advisory Center (VTRAC).